We had 2.1.4 installed and configured for RADIUS authentication and it was working as expected. I was able to log in with <radiususer> and my password.
We upgraded to 2.2.1 this morning and we are now unable to log in as <radiususer>. On the login page, there is a red ! to the left of the password box and it says that the password must contain one uppercase, lowercase, and number and must be 8-256 characters long. The password for <radiususer> does not contain an uppercase character. Clicking Login does nothing. If I add an uppercase character to the password, the red ! goes away and we can click Login, but the login obviously fails as the password is incorrect.
If logged in as a local user, then we go to User Management -> Radius Configuration -> Test, authentication succeeds for <radiususer>.
Is checking for password strength when entering a password for a RADIUS user on the login page intended behavior?
[Fixed in 2.2.2] 2.2.1 Broke RADIUS login
Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not foresee the impact on users using external AAA, where password requirements can be different.
We will revert the login password complexity check and release this in a hotfix release.
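The distinction behind this regression, as an added example that is not part of the thread and not Unimus code: the complexity rule quoted in the first post belongs where a local password is set, while the login form should only reject input that no backend could accept. Function names, the sample password, and the reuse of 256 as a login size cap are assumptions.

```javascript
// Added example; names are hypothetical, not Unimus code.
// The complexity rule is the one quoted in the first post.
const MIN_LEN = 8;
const MAX_LEN = 256;

// Policy check for a password being *set* on a local account.
function checkLocalPasswordPolicy(password) {
  const problems = [];
  if (password.length < MIN_LEN || password.length > MAX_LEN) {
    problems.push(`length must be ${MIN_LEN}-${MAX_LEN}`);
  }
  if (!/[A-Z]/.test(password)) problems.push("needs an uppercase letter");
  if (!/[a-z]/.test(password)) problems.push("needs a lowercase letter");
  if (!/[0-9]/.test(password)) problems.push("needs a number");
  return problems;
}

// Check for the *login* form. Complexity is not evaluated here, because the
// credential may live in RADIUS or another AAA source with its own rules.
function checkLoginInput(username, password) {
  const problems = [];
  if (username.trim() === "") problems.push("username is required");
  if (password.length === 0) problems.push("password is required");
  // Assumption: keep an upper bound purely as a request-size cap.
  if (password.length > MAX_LEN) problems.push(`password longer than ${MAX_LEN}`);
  return problems;
}

// The 2.2.1 behaviour described in the thread: the set-password policy is
// applied to the login form, so submission is blocked before any
// authentication backend is consulted.
function checkLoginInputStrict(username, password) {
  return checkLoginInput(username, password)
    .concat(checkLocalPasswordPolicy(password));
}

// Constructed sample: a RADIUS password with no uppercase character.
const radiusPassword = "correct-horse-42";
console.log("strict login check:", checkLoginInputStrict("radiususer", radiusPassword));
console.log("login check:", checkLoginInput("radiususer", radiusPassword));
console.log("set-password check:", checkLocalPasswordPolicy(radiusPassword));
```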
Is this hotfix already available? We're also seeing this issue with multiple users reporting problems.
Tomas wrote: Tue Mar 01, 2022 4:31 pm
Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not foresee the impact on users using external AAA, where password requirements can be different.
We will revert the login password complexity check and release this in a hotfix release.
We are currently targeting 6 bugfixes for the 2.2.2 release. 4 of these are fixed, 2 are still being worked on. The login validator is a part of the fixed ones. Release target for 2.2.2 is Monday (14.) or Tuesday (15.) at the latest.
We have a new Unimus version 2.2.2 live now, which contains a fix for RADIUS logins. You can find the new version below:
https://unimus.net/download
If you spot any issue, let us know.