Hello Leon -
On Sat, 15 Jan 2000, leon wrote:
> Dear Radiator users,
>
> We've been using Radiator for our state-wide (Tennessee) dailin network for
> the past couple of months now. It seems that there is very little that
> Radiator is not capable of. :)
>
> Since last week I've been starting to see a weird error appear in our log
> files. below is a snippet of such an occurance. Please note that the
> "INFO: Access rejected for T: Bad Password" messages are cause by our
> network monitoring station. However this lengthy strings in the username as
> seen below have an unknown origin.
>
> Thu Jan 13 23:58:40 2000: INFO: Access rejected for T: Bad Password
> Thu Jan 13 23:58:55 2000: WARNING: Bad authenticator received in reply to ID
> 106
> Thu Jan 13 23:59:40 2000: INFO: Access rejected for Ibm``bDC8Ja)9N@000 8s"!
> D@< NDLby: Bad Password
> Thu Jan 13 23:59:40 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:00:41 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:00:50 2000: INFO: Access rejected for 1q[ t: Bad Password
> Fri Jan 14 00:01:12 2000: INFO: Access rejected for pv[v|%||p@@W`MOV*3p
> 3yeo[T>\I4J?Yeyz!2_A]cD4#/Hx[Q||O"|Z%LMFRP|V+%$$\Um>*QF]`A8bPDFi(%LPl$.8!"
> B,<P: Bad Password
> Fri Jan 14 00:01:41 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:01:49 2000: INFO: Access rejected for Za.`<@(G0x%[D3(8
> Bx$wa3o^Q:I"^n: Bad Password
> Fri Jan 14 00:02:40 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:02:57 2000: INFO: Access rejected for ^"z,: Bad Password
> Fri Jan 14 00:02:57 2000: INFO: Access rejected for @@@ic0|2? : Bad Password
> Fri Jan 14 00:03:40 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:04:40 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:05:40 2000: INFO: Access rejected for T: Bad Password
> Fri Jan 14 00:06:41 2000: INFO: Access rejected for T: Bad Password
>
You will sometimes see this sort of thing with modems that haven't trained
properly, or from unsuccessful PPP negotiation. It would be helpful to see if
there is something else consistent in the packets, and if so you could trap
them in a special Handler and log them to a different file perhaps. You could
try running with a trace 4 for a couple of days to get the packet dumps.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
