WLAN Radius XG with Windows NAP BUG?

Hello

I have set up a WLAN Enterprise following these instructions: community.sophos.com/.../132912
It all works.

But if a user uses the § sign in his Windows password, the login will not work.

If passwords without § are used, everything works.

Is this a bug in XG or Windows?

 

XG125 (SFOS 17.5.12 MR-12.HF062020.1)

  • Hi 

    Thank you for reaching out to the Community!

    I would advise you to put the access_server process in debug, replicate the issue, and provide the logs captured in debug.

    Follow this KB Article to SSH into the XG firewall: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility.

    Select Option 5 (Device Management) > Option 3 (Advanced Shell)

    Run this command to put the access_server service in debug: service access_server:debug -d -s nosync

    Once you capture the access_server logs in debug, run the same command to put the access_server service in normal running mode.

    Run this command to check service status: service -S | grep access_server


    SFVUNL_VM01_SFOS 17.5.11 MR-11# service -S | grep access_server
    access_server RUNNING,DEBUG

    Thanks,

  • In reply to H_Patel:

    Hello

    Here is the log:

     

     

    XG125_XN03_SFOS 17.5.12 MR-12.HF062020.1# tail -f /log/access_server.log
    INFO Jun 27 07:23:00 [access_server]: (write_subsysqueue): EDIR_SYNC CLIENT: written 16 bytes, fd=24 wq=0xf80b6540 buf=0xf80b6548 offset=0
    DEBUG Jun 27 07:23:00 [access_server]: (do_epoll): Waiting for events
    DEBUG Jun 27 07:23:00 [EDIR_SYNC]: subsys_thread_main: EDIR_SYNC: event received on fd: 25
    DEBUG Jun 27 07:23:00 [EDIR_SYNC]: handle_server_events: EVENT_READ
    INFO Jun 27 07:23:00 [EDIR_SYNC]: (do_handle_read): EDIR_SYNC server: READING... fd=25
    INFO Jun 27 07:23:00 [EDIR_SYNC]: (do_handle_read): EDIR_SYNC server: read 16 bytes, fd=25
    DEBUG Jun 27 07:23:00 [EDIR_SYNC]: (do_handle_read): EDIR_SYNC server tlv=0xf80b49f0 req_handler=0xf766f1dd type=0 handler_data=(nil) res_handler=(nil)
    INFO Jun 27 07:23:00 [EDIR_SYNC]: (do_handle_read): EDIR_SYNC server: READING... fd=25
    INFO Jun 27 07:23:00 [EDIR_SYNC]: (do_handle_read): EDIR_SYNC server: read blocked
    INFO Jun 27 07:23:00 [EDIR_SYNC]: subsys_thread_main: EDIR_SYNC: waiting for events...
    DEBUG Jun 27 07:23:14 [access_server]: tlvserver_handle_request: tlv request received
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: ---------------------------------
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: TLV ID: 111
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: TLV Type: 2
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: TLV Length: 45
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: TLV Cl Res: 1
    INFO Jun 27 07:23:14 [access_server]: tlvserver_print_request: ---------------------------------
    DEBUG Jun 27 07:23:14 [access_server]: tlvserver_process_request: TEST CONNECTION
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): ----------- TEST CONNECTION --------
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): AUTHTYPE: 4
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): IP: '10.10.10.220'
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): USER: 'test'
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): password not empty
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): SHAREDSECRET:not empty
    DEBUG Jun 27 07:23:14 [access_server]: (test_authserver_connection): -----------------------------
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: auth_order set to: 'radius'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: dictionary set to: '/static/system/radius_dictionary'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: seq file set to: '/tmp/radius.seq'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: radius_retries set to: '2'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: radius_timeout set to: '3'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: radius_deadtime set to: '0'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: radius dictionary initialized
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: authserver set to '10.10.10.220'1812'xxxxxxxxxxxx'
    DEBUG Jun 27 07:23:14 [access_server]: radius_client_init: radius authentication client is initialized
    DEBUG Jun 27 07:23:14 [access_server]: (radiusauth_prepare_request): service type set to: 8
    DEBUG Jun 27 07:23:14 [access_server]: (radiusauth_prepare_request): username set to 'test'
    ERROR Jun 27 07:23:14 [access_server]: radiusauth_test_auth: Test authentication failed '10.10.10.220:1812'
    DEBUG Jun 27 07:23:14 [access_server]: (radiusauth_free_attributes): no attributes to free
    DEBUG Jun 27 07:23:14 [access_server]: tlvserver_handle_request: response sent
    DEBUG Jun 27 07:23:14 [access_server]: (do_epoll): Waiting for events
    DEBUG Jun 27 07:23:35 [CAA]: (CA_epoll_wait): returning 0
    MESSAGE Jun 27 07:23:35 [CAA]: (CA_keep_alive): access_server heartbeat
    DEBUG Jun 27 07:23:35 [CAA]: (CA_keep_alive): Checking connections status
    MESSAGE Jun 27 07:23:35 [CAA]: (CA_keep_alive): Next CA batch in 45 seconds
    DEBUG Jun 27 07:23:35 [CAA]: (process_caa_messages): Waiting for CAA events
    DEBUG Jun 27 07:23:35 [CAA]: (CA_epoll_wait): timeout=45000, time_to_keep_alive=45000