[RADIATOR] Strange username in radiator logs

Arya, Manish Kumar m.arya at yahoo.com
Tue Apr 17 01:47:14 CDT 2012


Hi,

    We have configured ALU devices to authenticate against the Radiator server. I have added the vendor dictionary to the config and created the client list,
but I see a mangled username in the RADIUS logs. I am not sure why this is happening. Here is a snapshot of my config:

# ALU MSP Auth
<AuthBy LDAP2>
        NoDefault
        Identifier      alu_msp_user_auth
        Host            10.5.1.29
        Port            2389
        Timeout         60
        AuthDN          uid=radius,ou=appusers,dc=xxxx,dc=net
        AuthPassword    xxxxx
        BaseDN          o=colt,ou=customers,dc=xxxx,dc=net
        Scope           subtree
        SearchFilter    (&(colt-access-device-type=alumsp)(uid=%1))
        UsernameAttr    uid
        PasswordAttr    userPassword
        ServerChecksPassword
        AuthAttrDef     userPassword,User-Password,check
        AuthAttrDef     radius-Callback-Id,Callback-Id,reply
        AuthAttrDef     radius-sam-sec-grp-name,Sam-security-group-name,reply
        AuthAttrDef     radius-Timetra-Access,Timetra-Access,reply
        AuthAttrDef     radius-Timetra-Home-Directory,Timetra-Home-Directory,reply
        AuthAttrDef     radius-Timetra-Restrict-To-Home,Timetra-Restrict-To-Home,reply
        AuthAttrDef     radius-Timetra-Profile,Timetra-Profile,reply
        AuthAttrDef     radius-Timetra-Default-Action,Timetra-Default-Action,reply
        AuthAttrDef     radius-Timetra-Cmd,Timetra-Cmd,reply
        AuthAttrDef     radius-Timetra-Action,Timetra-Action,reply
        AuthAttrDef     radius-Timetra-Exec-File,Timetra-Exec-File,reply
        AddToReplyIfNotExist    Service-Type=Login-User
</AuthBy>

# Handler for ALU MSP
<Handler Realm = alumsp.srv>
        AuthLog         auth_log
        RewriteUsername s/^([^@]+).*/$1/
        AuthBy          alu_msp_user_auth
</Handler>

Here is what I see in the logs when a login request is originated for abc at alumsp.srv:

*** Received from 10.174.1.1 port 50118 ....
Code:       Access-Request
Identifier: 242
Authentic:  r<255>*<27>7<230>y1<23>Z<17>cxI9<170>
Attributes:
        User-Name = "p1z1x2c7s9y9b0o8<240>"
        User-Password = "<219>w0[<153><175><235><216><192><151>G<26>`<224><16>|<180>W<136><203><174><179>LJ<151>d<251><20><159><5><222><9>"
        NAS-IP-Address = 10.174.1.1

Tue Apr 17 07:44:31 2012: DEBUG: Handling request with Handler '', Identifier ''
Tue Apr 17 07:44:31 2012: DEBUG: SESSDBSQL Deleting session for P1Z1X2C7S9Y9B0O8ð, 10.174.1.1,
Tue Apr 17 07:44:31 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='10.174.1.1' and NASPORT=0':
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: PreAuthHook called...
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Access code: Access-Request
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Proceeding...
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Got User-Name: p1z1x2c7s9y9b0o8ð and Realm: p1z1x2c7s9y9b0o8ð
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Couldn't connect to LDAP 127.0.0.1: IO::Socket::INET: connect: Connection refused
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Trying LDAP 10.5.1.29...
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Attempting to bind to LDAP server
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: ldapsearch with base ou=customers,dc=xxx,dc=net
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: No service found with realm/domain p1z1x2c7s9y9b0o8ð
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Adding to Access-Request -> Pre-Auth: 0
Tue Apr 17 07:44:31 2012: DEBUG: Handling with Radius::AuthLDAP2: user_auth
Tue Apr 17 07:44:31 2012: ERR: ldap search for (uid=p1z1x2c7s9y9b0o8ð) failed with error LDAP_NO_SUCH_OBJECT.
Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 looks for match with p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 REJECT: No such user: p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
Tue Apr 17 07:44:31 2012: DEBUG: AuthBy LDAP2 result: REJECT, No such user
Tue Apr 17 07:44:31 2012: INFO: Access rejected for p1z1x2c7s9y9b0o8ð: No such user
Tue Apr 17 07:44:31 2012: DEBUG: Packet dump:
*** Sending to 10.174.1.1 port 50118 ....
Code:       Access-Reject
Identifier: 242
Authentic:  <28>X<161>IZ-<144>s1<214><145><147><230>N<223>+
Attributes:
        Reply-Message = "No such user"

Regards,
-Manish
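
A triage helper for dumps like the one above, added here as an example and not part of the original post or of Radiator: it decodes the `<NNN>` byte escapes in a dumped User-Name, lists bytes outside printable ASCII, and checks whether the name carries the realm that `<Handler Realm = alumsp.srv>` expects. Assumptions: `<NNN>` is one decimal byte, the realm is the text after the first `@`, realms are compared exactly, and all function names are hypothetical.

```python
import re

# Constructed sample: attribute lines copied from the Access-Request dump above.
SAMPLE_DUMP = '''Attributes:
        User-Name = "p1z1x2c7s9y9b0o8<240>"
        NAS-IP-Address = 10.174.1.1
'''

ESCAPE = re.compile(r"<(\d{1,3})>")                  # <240> -> byte 240 (assumed decimal)
ATTR = re.compile(r'^\s*([\w-]+) = "?(.*?)"?\s*$')   # Name = "value" or Name = value
REWRITE = re.compile(rb"^([^@]+).*")                 # the post's RewriteUsername pattern


def decode_value(text):
    """Return the raw bytes of a dumped value, expanding <NNN> escapes."""
    def expand(m):
        n = int(m.group(1))
        return chr(n) if n < 256 else m.group(0)     # leave impossible values as text
    return ESCAPE.sub(expand, text).encode("latin-1", errors="replace")


def parse_attributes(dump):
    """Map attribute name -> raw bytes for every 'Name = value' line in a dump."""
    attrs = {}
    for line in dump.splitlines():
        m = ATTR.match(line)
        if m:
            attrs[m.group(1)] = decode_value(m.group(2))
    return attrs


def check_username(raw, handler_realm):
    """Report what a Realm-based handler would see for this User-Name."""
    _, _, realm = raw.partition(b"@")                # assumption: realm follows first '@'
    return {
        "non_printable": [b for b in raw if b < 0x20 or b > 0x7E],
        "realm": realm.decode("latin-1"),
        "handler_matches": realm.decode("latin-1") == handler_realm,
        "rewritten": REWRITE.sub(rb"\1", raw, count=1).decode("latin-1"),
    }


if __name__ == "__main__":
    name = parse_attributes(SAMPLE_DUMP)["User-Name"]
    print(check_username(name, "alumsp.srv"))
```

On the sample, the realm comes back empty and byte 240 is flagged, which is consistent with the log line `Handling request with Handler ''` rather than the `alumsp.srv` handler.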