Re: Auth: Login incorrect:

2003-12-15 Thread Nicolas Baradakis
Joe Bonow wrote:

After searching the limited archive I am unable to find info on how
 to have the Login Incorrect return the name of the nas that the login
 failed on.

The CVS version has support for a postauth_query stanza in sql.conf
which allows you to insert any value you want in the SQL query: the
User-Name, the User-Password and the NAS-IP-Address, for example.

See raddb/sql.conf and doc/Post-Auth-Type to use this feature.

-- 
Nicolas Baradakis

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Re: Auth: Login incorrect:

2003-12-15 Thread Joe Bonow
Thanks for the patched log_badlogins; it takes care of the issue for me 
and is greatly appreciated.  Thanks also to all who replied with other 
solutions.

Guy Fraser wrote:

You have to configure and run dialup_admin/bin/log_badlogins to 
process your radius.log file and put the entries into your DB.

I have written a patch that makes log_badlogins use the 
raddb/clients.conf file to determine the NAS-IP-Address.

This patch is not in CVS yet; I am waiting for some more important 
patches to be applied to CVS before I resubmit this patch.

Here is a patched version for you to try.

Joe Bonow wrote:

Hello:

   After searching the limited archive I am unable to find info on 
how to have the Login Incorrect return the name of the nas that the 
login failed on.  As an example my radius.log file shows this line:

Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from 
client ip99 port 1)

I am using dialup admin to check for bad logins and after reviewing 
the script it seems that the ip99 response should be more along the 
lines of say nameofnas or nameofnas.domain.  Any help would be 
appreciated.  Oh, I am using a Livingston Portmaster 2e as the NAS and 
the version of FreeRADIUS I am running is 0.9.2.  Thanks in advance 
for assistance.





#!/usr/bin/perl
#
# Log failed logins in the sql database
# Works only with mysql and postgresql {look for PG and change commented lines}
# It will read the sql parameters from the admin.conf file
#
# Usage:
# log_badlogins radius.log [admin.conf] [all]
#
# Defaults:
# radius.log: none
# admin.conf: /usr/local/dialup_admin/conf/admin.conf
# all:no. Go to the end of the file. Don't read it all.

use Date::Manip qw(ParseDate UnixDate);
use Digest::MD5;
$|=1;

$file=shift||'none';
$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
$all_file=shift||'no';
#
#
# CHANGE THESE TO MATCH YOUR SETUP
#
#$regexp = 'from client localhost port 135|from client blabla ';
$tmpfile='/var/tmp/sql.input';
#
#

# Read the "key: value" settings from admin.conf
open CONF, '<', $conf
    or die "Could not open configuration file\n";
while(<CONF>){
    chomp;
    ($key,$val)=(split /:\s*/,$_);
    $sql_server = $val if ($key eq 'sql_server');
    $sql_username = $val if ($key eq 'sql_username');
    $sql_password = $val if ($key eq 'sql_password');
    $sql_database = $val if ($key eq 'sql_database');
    $sql_accounting_table = $val if ($key eq 'sql_accounting_table');
    $realm_strip = $val if ($key eq 'general_strip_realms');
    $realm_del = $val if ($key eq 'general_realm_delimiter');
    $realm_for = $val if ($key eq 'general_realm_format');
    $domain = $val if ($key eq 'general_domain');
    $sql_timeout = $val if ($key eq 'sql_connect_timeout');
    $sql_extra = $val if ($key eq 'sql_extra_servers');
    $sqlcmd = $val if ($key eq 'sql_command');
    $clients= $val if ($key eq 'general_clients_conf');
}
close CONF;

# Walk clients.conf and record, for each client section, the address
# that belongs to its shortname
open CLIENTS, '<', $clients
    or die "Could not open $clients file\n";
while(<CLIENTS>){
    chomp;
    s/^\s*//g;
    s/\s*#.*//g;
    if (!/^\s*$/ && /=/) {
        # "key = value" line inside a client section
        ($key,$val)=(split /\s*=\s*/,$_);
        $client_short = $val if ($key eq 'shortname');
    } else {
        if (/\{/) {
            # "client <name-or-address> {" opens a section
            s/.*client\s+([^\s]*)\s+\{.*$/$1/;
            if (/^\d+\.\d+\.\d+\.\d+/) {
                $client = $_;
            } else {
                # Host name: qualify it with the default domain if needed,
                # then resolve it to a dotted-quad address
                if (/\./ || /localhost/) {
                    $name = $_ ;
                } else {
                    $name = $_.".".$domain;
                }
                $addr = gethostbyname $name;
                ($a,$b,$c,$d)=unpack('C4',$addr);
                $client = "$a.$b.$c.$d";
                #DEBUG# print $name." = ".$client."\n";
            }
        } else {
            if (/\}/) {
                # End of the section: store shortname -> address
                $client_array{$client_short} .= $client;
            }
        }
    }
}
close CLIENTS;

$realm_del = '@' if ($realm_del eq '');
$realm_for = 'suffix' if ($realm_for eq '');
$pass = ($sql_password ne '') ? "-p$sql_password" : '';
die "SQL server not defined\n" if ($sql_server eq '');

die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);

$opt = "-O connect_timeout=$sql_timeout" if ($sql_timeout);
@servers = (split /\s+/,$sql_extra) if ($sql_extra ne '');
unshift @servers, $sql_server;

open LOG, '<', $file
    or die "Could not open file $file\n";

# Unless "all" was requested, start at the end of the log
seek LOG, 0, 2 if ($all_file eq 'no');
for(;;){
    while(<LOG>){
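
Added example (not part of the patched script above, nor of dialup_admin): the shortname-to-address lookup discussed in this thread, applied to radius.log lines. The clients.conf fragment, its addresses and secrets, the second and third log lines, and the function names parse_clients and parse_badlogin are constructed for illustration.

```perl
use strict;
use warnings;

# Constructed clients.conf fragment; addresses and secrets are placeholders.
my $clients_conf = <<'EOF';
client 192.0.2.99 {
    secret    = placeholder-secret
    shortname = ip99
}
client 192.0.2.10 {
    secret    = placeholder-secret   # trailing comment
    shortname = pm2e-lab
}
EOF

# Build shortname -> client address, one entry per client { } section.
sub parse_clients {
    my ($text) = @_;
    my (%nas, $client, $short);
    for (split /\n/, $text) {
        s/\s*#.*//;                                   # strip comments
        if    (/^\s*client\s+(\S+)\s*\{/)   { ($client, $short) = ($1, undef) }
        elsif (/^\s*shortname\s*=\s*(\S+)/) { $short = $1 }
        elsif (/\}/ && defined $client) {
            $nas{ $short // $client } = $client;      # no shortname: key by address
            undef $client;
        }
    }
    return \%nas;
}

# Parse one "Login incorrect" line; returns nothing for any other line.
sub parse_badlogin {
    my ($line, $nas) = @_;
    return unless $line =~
        m{^(.+?) : Auth: Login incorrect: \[(.*)\] \(from client (\S+) port (\d+)};
    my ($when, $cred, $short, $port) = ($1, $2, $3, $4);
    (my $user = $cred) =~ s{/.*}{}s;   # text after "/" is the attempted password; drop it
    return { time => $when, user => $user, nas => $short, port => $port,
             nas_ip => $nas->{$short} // 'unknown' };
}

my $nas = parse_clients($clients_conf);
my @log = (   # first line is the one quoted in the thread, the rest are constructed
    'Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from client ip99 port 1)',
    'Thu Dec 11 11:43:02 2003 : Auth: Login OK: [alice] (from client pm2e-lab port 4)',
    'Thu Dec 11 11:44:40 2003 : Auth: Login incorrect: [bob/x] (from client pm2e-lab port 7)',
);
printf "%s user=%s nas=%s (%s) port=%s\n", @$_{qw(time user nas nas_ip port)}
    for map { parse_badlogin($_, $nas) } @log;
```

The user name in these records is whatever the client typed, so bind it as a query parameter when storing it rather than interpolating it into SQL text. A user name that itself contains "/" is ambiguous in this log format and is cut at the first slash here.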

Re: Auth: Login incorrect:

2003-12-12 Thread Alan DeKok
Joe Bonow wrote:
 I am using dialup admin to check for bad logins and after reviewing the 
 script it seems that the ip99 response should be more along the lines of 
 say nameofnas or nameofnas.domain.

  The 'ip99' is the 'short name' of the client.  If you don't like it,
edit the 'short name' to be the name you want logged.

  Alan DeKok.



Re: Auth: Login incorrect:

2003-12-12 Thread Guy Fraser
You have to configure and run dialup_admin/bin/log_badlogins to 
process your radius.log file and put the entries into your DB.

I have written a patch that makes log_badlogins use the 
raddb/clients.conf file to determine the NAS-IP-Address.

This patch is not in CVS yet; I am waiting for some more important 
patches to be applied to CVS before I resubmit this patch.

Here is a patched version for you to try.

Joe Bonow wrote:

Hello:

   After searching the limited archive I am unable to find info on how 
to have the Login Incorrect return the name of the nas that the login 
failed on.  As an example my radius.log file shows this line:

Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from 
client ip99 port 1)

I am using dialup admin to check for bad logins and after reviewing 
the script it seems that the ip99 response should be more along the 
lines of say nameofnas or nameofnas.domain.  Any help would be 
appreciated.  Oh, I am using a Livingston Portmaster 2e as the NAS and 
the version of FreeRADIUS I am running is 0.9.2.  Thanks in advance 
for assistance.



--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787
There is a fine line between genius and lunacy, fear not, walk the
line with pride. Not all things will end up as you wanted, but you
will certainly discover things the meek and timid will miss out on.

