Re: difference in logs

Wed, 01 Jan 2003 08:49:26 -0800 

"Lists @ Apted Tech." <[EMAIL PROTECTED]> wrote:
> ... However, during some testing between this new box and a client
> radius server that is forwarding auth requests by using fully
> qualified username ([EMAIL PROTECTED]).  The @customcpu.com
> should be stripped and then testing is sent to our box for auth.

  Which probably happens.  Did you run it in debugging mode to check?

> Mon Dec 30 17:27:29 2002 : Auth: Login OK: [testing] (from client
> acs-proxy[4] port 32 cli 9075692251)
> 
> However, when I check the detail log file, I see:
> 
> Mon Dec 30 17:27:29 2002
>         Acct-Session-Id = "1E002868"
>         User-Name = "[EMAIL PROTECTED]"

  So the proxy authenticates 'testing', and your serv4er logs the user
name which was sent in the request from the NAS.

> Im not to informed on the more advanced features of the radius protocol, but
> I have been trying to find something to explain this occurrence in the
> documentation and cannot.  I don't understand how an auth request can come
> in for a username testing, and be authenticated and logged one place, then
> show up as [EMAIL PROTECTED] in  another log?

  That depends on the server configuration.  The user name which is
logged is sometimes %{User-Name}, sometimes %{Stripped-User-Name}, and
sometimes more complicated.  Read the configuration files, and look
for those strings.

> @customcpu.com should have been stripped from the username before
> being send to my server, but then again, /var/log/radius shows the
> request coming in as just testing.

  No, it doesn't.  If you want to know what the server is doing and
why, then run it in debugging mode.  Don't look at the log file, as it
contains only a small portion of the information.

> I have no reference of any kind to @customcpu.com in any part of my
> config, so i'm wondering how many parts to a radius authentication
> request packet there are?

  You either DO have 'customcpu.com' in a config file (see proxy.conf
or realms), or you have a DEFAULT realm.

  Again, reading the documentation and running the server in debugging
mode would answer nearly all of your questions.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to