[RADIATOR] Strange username in radiator logs
Arya, Manish Kumar
m.arya at yahoo.com
Tue Apr 17 01:47:14 CDT 2012
Hi,
We have configured ALU devices to authenticate against the Radiator server. I have added the vendor dictionary to the config and created a client list.
But I see a mangled username in the RADIUS logs. Not sure why this is happening. Here is a snapshot of my config:
# ALU MSP Auth
<AuthBy LDAP2>
NoDefault
Identifier alu_msp_user_auth
Host 10.5.1.29
Port 2389
Timeout 60
AuthDN uid=radius,ou=appusers,dc=xxxx,dc=net
AuthPassword xxxxx
BaseDN o=colt,ou=customers,dc=xxxx,dc=net
Scope subtree
SearchFilter (&(colt-access-device-type=alumsp)(uid=%1))
UsernameAttr uid
PasswordAttr userPassword
ServerChecksPassword
AuthAttrDef userPassword,User-Password,check
AuthAttrDef radius-Callback-Id,Callback-Id,reply
AuthAttrDef radius-sam-sec-grp-name,Sam-security-group-name,reply
AuthAttrDef radius-Timetra-Access,Timetra-Access,reply
AuthAttrDef radius-Timetra-Home-Directory,Timetra-Home-Directory,reply
AuthAttrDef radius-Timetra-Restrict-To-Home,Timetra-Restrict-To-Home,reply
AuthAttrDef radius-Timetra-Profile,Timetra-Profile,reply
AuthAttrDef radius-Timetra-Default-Action,Timetra-Default-Action,reply
AuthAttrDef radius-Timetra-Cmd,Timetra-Cmd,reply
AuthAttrDef radius-Timetra-Action,Timetra-Action,reply
AuthAttrDef radius-Timetra-Exec-File,Timetra-Exec-File,reply
AddToReplyIfNotExist Service-Type=Login-User
</AuthBy>
# Handler for ALU MSP
<Handler Realm = alumsp.srv>
AuthLog auth_log
RewriteUsername s/^([^@]+).*/$1/
AuthBy alu_msp_user_auth
</Handler>
Here is what I see in the logs when a login request is originated for abc at alumsp.srv:
*** Received from 10.174.1.1 port 50118 ....
Code: Access-Request
Identifier: 242
Authentic: r<255>*<27>7<230>y1<23>Z<17>cxI9<170>
Attributes:
User-Name = "p1z1x2c7s9y9b0o8<240>"
User-Password = "<219>w0[<153><175><235><216><192><151>G<26>`<224><16>|<180>W<136><203><174><179>LJ<151>d<251><20><159><5><222><9>"
NAS-IP-Address = 10.174.1.1
Tue Apr 17 07:44:31 2012: DEBUG: Handling request with Handler '', Identifier ''
Tue Apr 17 07:44:31 2012: DEBUG: SESSDBSQL Deleting session for P1Z1X2C7S9Y9B0O8ð, 10.174.1.1,
Tue Apr 17 07:44:31 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='10.174.1.1' and NASPORT=0':
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: PreAuthHook called...
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Access code: Access-Request
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Proceeding...
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Got User-Name: p1z1x2c7s9y9b0o8ð and Realm: p1z1x2c7s9y9b0o8ð
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Couldn't connect to LDAP 127.0.0.1: IO::Socket::INET: connect: Connection refused
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Trying LDAP 10.5.1.29...
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Attempting to bind to LDAP server
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: ldapsearch with base ou=customers,dc=xxx,dc=net
Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: No service found with realm/domain p1z1x2c7s9y9b0o8ð
Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Adding to Access-Request -> Pre-Auth: 0
Tue Apr 17 07:44:31 2012: DEBUG: Handling with Radius::AuthLDAP2: user_auth
Tue Apr 17 07:44:31 2012: ERR: ldap search for (uid=p1z1x2c7s9y9b0o8ð) failed with error LDAP_NO_SUCH_OBJECT.
Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 looks for match with p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 REJECT: No such user: p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
Tue Apr 17 07:44:31 2012: DEBUG: AuthBy LDAP2 result: REJECT, No such user
Tue Apr 17 07:44:31 2012: INFO: Access rejected for p1z1x2c7s9y9b0o8ð: No such user
Tue Apr 17 07:44:31 2012: DEBUG: Packet dump:
*** Sending to 10.174.1.1 port 50118 ....
Code: Access-Reject
Identifier: 242
Authentic: <28>X<161>IZ-<144>s1<214><145><147><230>N<223>+
Attributes:
Reply-Message = "No such user"
Regards,
-Manish
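
A diagnostic sketch for the packet dump above, added here as an example; it is not part of the original post and not Radiator code. It decodes the `<NNN>` escapes in a dumped User-Name (assumed to be decimal octet values, consistent with `<240>` appearing as ð in the log lines), reports non-printable octets and whether a realm is present, and applies the same expression as the Handler's RewriteUsername. The function names and the `abc@alumsp.srv` comparison value are assumptions.

```python
import re

# Constructed samples: the first is the User-Name line from the packet dump
# in the post; the second is an assumed well-formed login for comparison.
DUMPED = 'User-Name = "p1z1x2c7s9y9b0o8<240>"'
EXPECTED = 'User-Name = "abc@alumsp.srv"'

ESCAPE = re.compile(rb"<(\d{1,3})>")


def decode_dump_value(text):
    """Rebuild raw octets from dump text such as 'o8<240>'.

    Assumption: <NNN> is the decimal value of one non-printable octet.
    """
    def octet(m):
        n = int(m.group(1))
        return bytes([n]) if n < 256 else m.group(0)
    return ESCAPE.sub(octet, text.encode("latin-1"))


def inspect_username(dump_line):
    m = re.match(r'\s*User-Name = "(.*)"\s*$', dump_line)
    if m is None:
        raise ValueError("not a User-Name dump line")
    raw = decode_dump_value(m.group(1))
    _, sep, realm = raw.partition(b"@")
    return {
        "raw": raw,
        # Octets outside printable ASCII, e.g. 240 (shown as ð in the log).
        "non_printable": [b for b in raw if b < 0x20 or b > 0x7E],
        # With no realm, a Handler keyed on Realm has nothing to match.
        "realm": realm.decode("latin-1") if sep else None,
        # Same expression as RewriteUsername s/^([^@]+).*/$1/
        "rewritten": re.sub(rb"^([^@]+).*", rb"\1", raw, count=1),
    }


if __name__ == "__main__":
    for line in (DUMPED, EXPECTED):
        print(inspect_username(line))
```

For the dumped value the result has no realm and one non-printable octet, which matches the log showing the request handled by Handler '' and the LDAP search running on the mangled name.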