Re: Auth: Login incorrect:
Joe Bonow wrote:
> After searching the limited archive I am unable to find info on how to have the Login Incorrect return the name of the nas that the login failed on.

The CVS version has support for a postauth_query stanza in sql.conf which allows you to insert any value you want in the SQL query: the User-Name, the User-Password and the NAS-IP-Address for example. See raddb/sql.conf and doc/Post-Auth-Type to use this feature.

--
Nicolas Baradakis

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Auth: Login incorrect:
Thanks for the patched log_badlogins; it takes care of the issue for me and is greatly appreciated. Thanks also to all who replied with other solutions.

Guy Fraser wrote:
> You have to configure and run dialup_admin/bin/log_badlogins to process your radius.log file and put the entries into your DB.
>
> I have written a patch that makes log_badlogins use the raddb/clients.conf file to determine the NAS-IP-Address. This patch is not in CVS yet, I am waiting for some more important patches to be applied to CVS before I resubmit this patch.
>
> Here is a patched version for you to try.
>
> Joe Bonow wrote:
> > Hello:
> >
> > After searching the limited archive I am unable to find info on how to have the Login Incorrect return the name of the nas that the login failed on. As an example my radius.log file shows this line:
> >
> > Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from client ip99 port 1)
> >
> > I am using dialup admin to check for bad logins and after reviewing the script it seems that the ip99 response should be more along the lines of say nameofnas or nameofnas.domain.
> >
> > Any help would be appreciated. Oh, I am using a Livingston Portmaster 2e as the nas and the version of freeradius I am running is 0.9.2.
> >
> > Thanks in advance for assistance.

#!/usr/bin/perl
#
# Log failed logins in the sql database
# Works only with mysql and postgresql {look for PG and change commented lines}
# It will read the sql parameters from the admin.conf file
#
# Usage:
# log_badlogins radius.log [admin.conf] [all]
#
# Defaults:
# radius.log: none
# admin.conf: /usr/local/dialup_admin/conf/admin.conf
# all: no. Go to the end of the file. Don't read it all.

use Date::Manip qw(ParseDate UnixDate);
use Digest::MD5;
$|=1;

$file=shift||'none';
$conf=shift||'/usr/local/dialup_admin/conf/admin.conf';
$all_file=shift||'no';
#
#
# CHANGE THESE TO MATCH YOUR SETUP
#
#$regexp = 'from client localhost port 135|from client blabla ';
$tmpfile='/var/tmp/sql.input';
#
#

# Read the SQL and general settings from admin.conf ("key: value" lines)
open CONF, '<', $conf
    or die "Could not open configuration file\n";
while(<CONF>){
    chomp;
    ($key,$val)=(split /:\s*/,$_);
    $sql_server = $val if ($key eq 'sql_server');
    $sql_username = $val if ($key eq 'sql_username');
    $sql_password = $val if ($key eq 'sql_password');
    $sql_database = $val if ($key eq 'sql_database');
    $sql_accounting_table = $val if ($key eq 'sql_accounting_table');
    $realm_strip = $val if ($key eq 'general_strip_realms');
    $realm_del = $val if ($key eq 'general_realm_delimiter');
    $realm_for = $val if ($key eq 'general_realm_format');
    $domain = $val if ($key eq 'general_domain');
    $sql_timeout = $val if ($key eq 'sql_connect_timeout');
    $sql_extra = $val if ($key eq 'sql_extra_servers');
    $sqlcmd = $val if ($key eq 'sql_command');
    $clients = $val if ($key eq 'general_clients_conf');
}
close CONF;

# Build a shortname -> IP address table from clients.conf
open CLIENTS, '<', $clients
    or die "Could not open $clients file\n";
while(<CLIENTS>){
    chomp;
    s/^\s*//g;      # strip leading whitespace
    s/\s*#.*//g;    # strip comments
    if (!/^\s*$/ && /=/) {
        # "key = value" line inside a client block
        ($key,$val)=(split /\s*=\s*/,$_);
        $client_short = $val if ($key eq 'shortname');
    } else {
        if (/\{/) {
            # "client <name-or-address> {" opens a block
            s/.*client\s+([^\s]*)\s+\{.*$/$1/;
            if (/^\d+\.\d+\.\d+\.\d+/) {
                $client = $_;
            } else {
                # Host name: qualify it with the default domain if needed, then resolve it
                if (/\./ || /localhost/) {
                    $name = $_ ;
                } else {
                    $name = $_.".".$domain;
                }
                $addr = gethostbyname $name;
                ($a,$b,$c,$d)=unpack('C4',$addr);
                $client = "$a.$b.$c.$d";
                #DEBUG# print $name." = ".$client."\n";
            }
        } else {
            if (/\}/) {
                # End of block: record the address under the block's shortname
                $client_array{$client_short} .= $client;
            }
        }
    }
}
close CLIENTS;

$realm_del = '@' if ($realm_del eq '');
$realm_for = 'suffix' if ($realm_for eq '');
$pass = ($sql_password ne '') ? "-p$sql_password" : '';
die "SQL server not defined\n" if ($sql_server eq '');
die "sql_command directive is not set in admin.conf\n" if ($sqlcmd eq '');
die "Could not find sql binary. Please make sure that the \$sqlcmd variable points to the right location\n" if (! -x $sqlcmd);

$opt = "-O connect_timeout=$sql_timeout" if ($sql_timeout);
@servers = (split /\s+/,$sql_extra) if ($sql_extra ne '');
unshift @servers, $sql_server;

open LOG, '<', $file
    or die "Could not open file $file\n";
# Start at the end of the log unless 'all' was requested
seek LOG, 0, 2 if ($all_file eq 'no');
for(;;){
    while(<LOG>){
Re: Auth: Login incorrect:
Joe Bonow [EMAIL PROTECTED] wrote:
> I am using dialup admin to check for bad logins and after reviewing the script it seems that the ip99 response should be more along the lines of say nameofnas or nameofnas.domain.

The 'ip99' is the 'short name' of the client. If you don't like it, edit the 'short name' to be the name you want logged.

Alan DeKok.
Re: Auth: Login incorrect:
You have to configure and run dialup_admin/bin/log_badlogins to process your radius.log file and put the entries into your DB.

I have written a patch that makes log_badlogins use the raddb/clients.conf file to determine the NAS-IP-Address. This patch is not in CVS yet, I am waiting for some more important patches to be applied to CVS before I resubmit this patch.

Here is a patched version for you to try.

Joe Bonow wrote:
> Hello:
>
> After searching the limited archive I am unable to find info on how to have the Login Incorrect return the name of the nas that the login failed on. As an example my radius.log file shows this line:
>
> Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from client ip99 port 1)
>
> I am using dialup admin to check for bad logins and after reviewing the script it seems that the ip99 response should be more along the lines of say nameofnas or nameofnas.domain.
>
> Any help would be appreciated. Oh, I am using a Livingston Portmaster 2e as the nas and the version of freeradius I am running is 0.9.2.
>
> Thanks in advance for assistance.

--
Guy Fraser
Network Administrator
The Internet Centre
780-450-6787 , 1-888-450-6787

There is a fine line between genius and lunacy, fear not, walk the line with pride. Not all things will end up as you wanted, but you will certainly discover things the meek and timid will miss out on.
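
The lookup discussed in this thread, as an added example that is not part of the original posts or of dialup_admin: it parses a "Login incorrect" line from radius.log and resolves the client short name to the address declared in clients.conf. The clients.conf contents, the addresses, the second and third log lines and the function names are constructed for illustration; the password half of `[user/password]` is dropped rather than carried into the record.

```python
import re

# Constructed clients.conf text (addresses and secrets are placeholders).
CLIENTS_CONF = """
client 192.0.2.99 {
    secret    = constructed-secret   # constructed value
    shortname = ip99
}
client 192.0.2.10 {
    secret    = constructed-secret
    shortname = pm2e-lobby
}
"""

# First line is the one quoted in the thread; the other two are constructed.
SAMPLE_LOG = [
    "Thu Dec 11 11:42:17 2003 : Auth: Login incorrect: [test/abc] (from client ip99 port 1)",
    "Thu Dec 11 11:43:02 2003 : Auth: Login incorrect: [alice] (from client unknown-nas port 3)",
    "Thu Dec 11 11:43:40 2003 : Auth: Login OK: [test/abc] (from client ip99 port 1)",
]

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{([^}]*)\}")
SHORT_RE = re.compile(r"^\s*shortname\s*=\s*(\S+)", re.M)
LOG_RE = re.compile(
    r"^(?P<ts>.+?) : Auth: Login incorrect[^\[]*\[(?P<cred>[^\]]*)\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)")

def load_clients(text):
    """Return {shortname: address-or-hostname} from clients.conf text."""
    text = re.sub(r"#.*", "", text)          # drop comments first
    table = {}
    for addr, body in CLIENT_RE.findall(text):
        m = SHORT_RE.search(body)
        if m:
            table[m.group(1)] = addr
    return table

def parse_bad_login(line, clients):
    """Parse one failed-login line; None if the line is not a failure."""
    m = LOG_RE.match(line)
    if not m:
        return None
    # Assumption: user names contain no "/"; the password part is discarded.
    user = m.group("cred").split("/", 1)[0]
    short = m.group("client")
    return {"time": m.group("ts"), "user": user, "nas_shortname": short,
            "nas_address": clients.get(short),   # None = not in clients.conf
            "port": int(m.group("port"))}

if __name__ == "__main__":
    table = load_clients(CLIENTS_CONF)
    for entry in SAMPLE_LOG:
        print(parse_bad_login(entry, table))
```

A record whose `nas_address` is `None` means the short name in the log has no matching client block, which is worth flagging rather than silently storing.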