Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
297
Views
1
Helpful
1
Replies

Parsing auth proxy config values have reserved charachters

mcnop
Level 1
Level 1

‎07-31-2023 03:45 PM

I'm trying to set up a radius proxy on RHEL.
Is there any guidance on reserved characters, escaping or quoting non-alphanumeric values to be parsed from the configuration file?
One of the videos I watched indicated ; and # should not be used for values such as the secret because they are interpreted as the beginning of a comment.  I have confirmed the proxy works as expected when sticking with alpha-numeric secret, and that non-alphanumeric characters were usable when the endpoint points directly at the primary radius server.
I am primarily interested in the radius secret field, but also how the config parsing restrictions in general.

Labels:
0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎08-01-2023 08:43 AM

In addition to the comment characters # and ; (as mentioned here), also watch for commas in the user passwords, as that's the default delimiter character for appending passcodes or factors to a password in LDAP and some RADIUS configurations. We have occasionally seen issues with non-UTF8 characters in user passwords or secrets, which can be remedied by setting `pw_codec` in the cfg.

Feel free to search the Duo Knowledge Base for additional RADIUS answered questions.

Duo, not DUO.
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents