[RADIATOR] Strange username in radiator logs
Arya, Manish Kumar
m.arya at yahoo.com
Tue Apr 17 07:01:16 CDT 2012
Hi Hugh,
I just now had a call with the vendor. He confirmed they are sending encrypted requests.
Will keep posting updates.
Regards,
-Manish
________________________________
From: Hugh Irvine <hugh at open.com.au>
To: Heikki Vatiainen <hvn at open.com.au>
Cc: radiator at open.com.au
Sent: Tuesday, April 17, 2012 3:47 PM
Subject: Re: [RADIATOR] Strange username in radiator logs
Hello Manish, Hello Heikki -
I have seen these before - they are probes from the device with usernames of this form.
There is nothing wrong with your configuration - but you might want to turn off these probes on the device.
regards
Hugh
On 17 Apr 2012, at 17:18, Heikki Vatiainen wrote:
> On 04/17/2012 09:47 AM, Arya, Manish Kumar wrote:
>
>> We have configured ALU devices to authenticate against the Radiator
>> server. I have added the vendor dictionary to the config and created a client list.
>> But I see a mangled username in the RADIUS logs. Not sure why this is
>> happening. Here is a snapshot of my config:
>
> Please reply with your full configuration (no secrets or passwords
> needed) and full log from Radiator including any startup messages. Also
> include the vendor dictionary.
>
> If the dictionary has been added correctly, then the NAS (ALU device?)
> is doing something odd.
>
> Heikki
>
>
>> # ALU MSP Auth
>> <AuthBy LDAP2>
>> NoDefault
>> Identifier alu_msp_user_auth
>> Host 10.5.1.29
>> Port 2389
>> Timeout 60
>> AuthDN uid=radius,ou=appusers,dc=xxxx,dc=net
>> AuthPassword xxxxx
>> BaseDN o=colt,ou=customers,dc=xxxx,dc=net
>> Scope subtree
>> SearchFilter (&(colt-access-device-type=alumsp)(uid=%1))
>> UsernameAttr uid
>> PasswordAttr userPassword
>> ServerChecksPassword
>> AuthAttrDef userPassword,User-Password,check
>> AuthAttrDef radius-Callback-Id,Callback-Id,reply
>> AuthAttrDef radius-sam-sec-grp-name,Sam-security-group-name,reply
>> AuthAttrDef radius-Timetra-Access,Timetra-Access,reply
>> AuthAttrDef radius-Timetra-Home-Directory,Timetra-Home-Directory,reply
>> AuthAttrDef radius-Timetra-Restrict-To-Home,Timetra-Restrict-To-Home,reply
>> AuthAttrDef radius-Timetra-Profile,Timetra-Profile,reply
>> AuthAttrDef radius-Timetra-Default-Action,Timetra-Default-Action,reply
>> AuthAttrDef radius-Timetra-Cmd,Timetra-Cmd,reply
>> AuthAttrDef radius-Timetra-Action,Timetra-Action,reply
>> AuthAttrDef radius-Timetra-Exec-File,Timetra-Exec-File,reply
>> AddToReplyIfNotExist Service-Type=Login-User
>> </AuthBy>
>>
>> # Handler for ALU MSP
>> <Handler Realm = alumsp.srv>
>> AuthLog auth_log
>> RewriteUsername s/^([^@]+).*/$1/
>> AuthBy alu_msp_user_auth
>> </Handler>
>>
>> Here is what I see in the logs when a login request is originated for
>> abc at alumsp.srv
>>
>> *** Received from 10.174.1.1 port 50118 ....
>> Code: Access-Request
>> Identifier: 242
>> Authentic: r<255>*<27>7<230>y1<23>Z<17>cxI9<170>
>> Attributes:
>> User-Name = "p1z1x2c7s9y9b0o8<240>"
>> User-Password = "<219>w0[<153><175><235><216><192><151>G<26>`<224><16>|<180>W<136><203><174><179>LJ<151>d<251><20><159><5><222><9>"
>> NAS-IP-Address = 10.174.1.1
>>
>> Tue Apr 17 07:44:31 2012: DEBUG: Handling request with Handler '', Identifier ''
>> Tue Apr 17 07:44:31 2012: DEBUG: SESSDBSQL Deleting session for P1Z1X2C7S9Y9B0O8ð, 10.174.1.1,
>> Tue Apr 17 07:44:31 2012: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='10.174.1.1' and NASPORT=0':
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: PreAuthHook called...
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Access code: Access-Request
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Proceeding...
>> Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Got User-Name: p1z1x2c7s9y9b0o8ð and Realm: p1z1x2c7s9y9b0o8ð
>> Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Couldn't connect to LDAP 127.0.0.1: IO::Socket::INET: connect: Connection refused
>> Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: Trying LDAP 10.5.1.29...
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Attempting to bind to LDAP server
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: ldapsearch with base ou=customers,dc=xxx,dc=net
>> Tue Apr 17 07:44:31 2012: INFO: PreAuthHook: No service found with realm/domain p1z1x2c7s9y9b0o8ð
>> Tue Apr 17 07:44:31 2012: DEBUG: PreAuthHook: Adding to Access-Request -> Pre-Auth: 0
>> Tue Apr 17 07:44:31 2012: DEBUG: Handling with Radius::AuthLDAP2: user_auth
>> Tue Apr 17 07:44:31 2012: ERR: ldap search for (uid=p1z1x2c7s9y9b0o8ð) failed with error LDAP_NO_SUCH_OBJECT.
>> Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 looks for match with p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
>> Tue Apr 17 07:44:31 2012: DEBUG: Radius::AuthLDAP2 REJECT: No such user: p1z1x2c7s9y9b0o8ð [P1Z1X2C7S9Y9B0O8ð]
>> Tue Apr 17 07:44:31 2012: DEBUG: AuthBy LDAP2 result: REJECT, No such user
>> Tue Apr 17 07:44:31 2012: INFO: Access rejected for p1z1x2c7s9y9b0o8ð: No such user
>> Tue Apr 17 07:44:31 2012: DEBUG: Packet dump:
>> *** Sending to 10.174.1.1 port 50118 ....
>> Code: Access-Reject
>> Identifier: 242
>> Authentic: <28>X<161>IZ-<144>s1<214><145><147><230>N<223>+
>> Attributes:
>> Reply-Message = "No such user"
>>
>> Regards,
>> -Manish
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
--
Hugh Irvine
hugh at open.com.au
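Added example (not part of the original thread and not Radiator code): a small triage script for packet dumps like the one quoted above. It assumes the `<NNN>` escapes in the dump are decimal byte values, which matches the `<240>` / `ð` pair in the log; the function names and the second sample request are hypothetical.

```python
import re

# Constructed sample in the shape of the packet dump quoted in the thread;
# the second request (a realm-qualified login) is made up for contrast.
SAMPLE_DUMP = """\
*** Received from 10.174.1.1 port 50118 ....
Code:       Access-Request
Identifier: 242
Attributes:
        User-Name = "p1z1x2c7s9y9b0o8<240>"
        NAS-IP-Address = 10.174.1.1
*** Received from 10.174.1.1 port 50119 ....
Code:       Access-Request
Identifier: 243
Attributes:
        User-Name = "abc@alumsp.srv"
        NAS-IP-Address = 10.174.1.1
"""

ESCAPE = re.compile(r"<(\d{1,3})>")
SOURCE = re.compile(r"^\*\*\* Received from (\S+) port \d+")
USER_NAME = re.compile(r'^\s*User-Name = "(.*)"\s*$')


def decode_dump_value(text):
    """Rebuild raw bytes from a dump value (assumes <NNN> = decimal byte)."""
    def repl(m):
        n = int(m.group(1))
        return chr(n) if n <= 255 else m.group(0)
    return ESCAPE.sub(repl, text).encode("latin-1", errors="replace")


def triage(dump):
    """Return one record per User-Name seen in the dump text."""
    findings, source = [], None
    for line in dump.splitlines():
        if (m := SOURCE.match(line)):
            source = m.group(1)
        elif (m := USER_NAME.match(line)):
            raw = decode_dump_value(m.group(1))
            _, _, realm = raw.partition(b"@")
            findings.append({
                "source": source,
                "raw": raw,
                # Bytes outside printable ASCII: the mark of a garbled name.
                "non_printable": [b for b in raw if b < 0x20 or b > 0x7E],
                # No realm: handled by Handler '' as in the log above.
                "realm": realm.decode("latin-1") or None,
            })
    return findings
```

Grouping the records by `source` shows which NAS is sending the garbled names, which is the device to check for probes or a shared-secret/encoding mismatch.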