[Fixed in 2.2.2] 2.2.1 Broke RADIUS login

Unimus support forum
Post Reply
Qel_Hoth
Posts: 1
Joined: Tue Mar 01, 2022 3:39 pm

Tue Mar 01, 2022 3:45 pm

We had 2.1.4 installed and configured for RADIUS authentication and it was working as expected. I was able to login with <radiususer> and my password.

We upgraded to 2.2.1 this morning and we are now unable to log in as <radiususer>. On the login page, there is a red ! to the left of the password box and it says that the password must contain one uppercase, lowercase, and number and must be 8-256 characters long. The password for <radiususer> does not contain an uppercase character. Clicking Login does nothing. If I add an uppercase character to the password, the red ! goes away and we can click Login, but the login obviously fails as the password is incorrect.

If logged in as a local user, then we go to User Management -> Radius Configuration -> Test, authentication succeeds for <radiususer>.

Is checking for password strength when entering a password for a RADIUS user on the login page intended behavior?
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Tue Mar 01, 2022 4:31 pm

Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not forsee the impact on users using external AAA, where password requirements can be different.

We will revert the login password complexity check and release this in a hotfix release.
kknapp
Posts: 2
Joined: Thu Mar 10, 2022 8:20 pm

Thu Mar 10, 2022 8:22 pm

Tomas wrote:
Tue Mar 01, 2022 4:31 pm
Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not forsee the impact on users using external AAA, where password requirements can be different.

We will revert the login password complexity check and release this in a hotfix release.
Is this hotfix already available? We're also seeing this issue with multiple users reporting problems.
User avatar
Tomas
Posts: 1206
Joined: Sat Jun 25, 2016 12:33 pm

Thu Mar 10, 2022 8:51 pm

kknapp wrote:
Thu Mar 10, 2022 8:22 pm
Is this hotfix already available? We're also seeing this issue with multiple users reporting problems.
We are currently targeting 6 bugfixes for the 2.2.2 release. 4 of these are fixed, 2 are still being worked on. The login validator is a part of the fixed ones. Release target for 2.2.2. on Monday (14.) or Tuesday (15.) at latest.
Vik@Unimus
Posts: 198
Joined: Thu Aug 05, 2021 6:35 pm

Thu Mar 17, 2022 9:16 pm

We have a new Unimus version 2.2.2 live now, which contains a fix for RADIUS logins. You can find the new version below

https://unimus.net/download

If you spot any issue, let us know.
Post Reply