Unimus forum

A discussion forum for Unimus
https://forum.unimus.net/

[Fixed in 2.2.2] 2.2.1 Broke RADIUS login

https://forum.unimus.net/viewtopic.php?f=9&t=1433

Page 1 of 1

[Fixed in 2.2.2] 2.2.1 Broke RADIUS login

Posted: Tue Mar 01, 2022 3:45 pm
by Qel_Hoth
We had 2.1.4 installed and configured for RADIUS authentication and it was working as expected. I was able to login with <radiususer> and my password.

We upgraded to 2.2.1 this morning and we are now unable to log in as <radiususer>. On the login page, there is a red ! to the left of the password box and it says that the password must contain one uppercase, lowercase, and number and must be 8-256 characters long. The password for <radiususer> does not contain an uppercase character. Clicking Login does nothing. If I add an uppercase character to the password, the red ! goes away and we can click Login, but the login obviously fails as the password is incorrect.

If logged in as a local user, then we go to User Management -> Radius Configuration -> Test, authentication succeeds for <radiususer>.

Is checking for password strength when entering a password for a RADIUS user on the login page intended behavior?

Re: 2.2.1 Broke RADIUS login

Posted: Tue Mar 01, 2022 4:31 pm
by Tomas
Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not forsee the impact on users using external AAA, where password requirements can be different.

We will revert the login password complexity check and release this in a hotfix release.

Re: 2.2.1 Broke RADIUS login

Posted: Thu Mar 10, 2022 8:22 pm
by kknapp
Tomas wrote:
Tue Mar 01, 2022 4:31 pm
 Hi, in our focus on security in 2.2, we have changed the login password validator to be the same as the user password requirements in Unimus. Sadly, we did not forsee the impact on users using external AAA, where password requirements can be different.

We will revert the login password complexity check and release this in a hotfix release.
Is this hotfix already available? We're also seeing this issue with multiple users reporting problems.

Re: 2.2.1 Broke RADIUS login

Posted: Thu Mar 10, 2022 8:51 pm
by Tomas
kknapp wrote:
Thu Mar 10, 2022 8:22 pm
 Is this hotfix already available? We're also seeing this issue with multiple users reporting problems.
We are currently targeting 6 bugfixes for the 2.2.2 release. 4 of these are fixed, 2 are still being worked on. The login validator is a part of the fixed ones. Release target for 2.2.2. on Monday (14.) or Tuesday (15.) at latest.

Re: 2.2.1 Broke RADIUS login

Posted: Thu Mar 17, 2022 9:16 pm
by Vik@Unimus
We have a new Unimus version 2.2.2 live now, which contains a fix for RADIUS logins. You can find the new version below

https://unimus.net/download

If you spot any issue, let us know.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited