Hello Robin -
On Thu, 10 Feb 2000, Robin Gruyters wrote:
> Hi,
>
> Because we get garbage usernames, I've used the handler bit in the config file
> (see below):
>
> <Handler User-Name = /\\x/>
> <AuthBy FILE>
> Filename %D/reject-users
> </AuthBy>
> </Handler>
>
> <Handler>
> AuthByPolicy ContinueWhileIgnore
>
> RewriteUsername tr/A-Z/a-z/
>
> <AuthBy LDAP2>
> Host <hostname>
> AuthDN cn=radius,o=WISH, c=NL
> BaseDN o=WISH, c=NL
> AuthPassword <encrypted>
> UsernameAttr uid
> PasswordAttr userPassword
>
> AddToReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 255.255.255.254,\
> Framed-MTU = 1500,\
> Primary-DNS-Server= 212.123.129.68, \
> Secondary-DNS-Server= 212.123.128.16
> </AuthBy>
>
> <AuthBy LDAP2>
> Host <hostname>
> AuthDN cn=radius,o=WISH, c=NL
> BaseDN o=WISH, c=NL
> AuthPassword <encrypted>
> UsernameAttr uid
> PasswordAttr userPassword
>
> AddToReply Service-Type = Framed-User,\
> Framed-Protocol = PPP,\
> Framed-IP-Address = 255.255.255.254,\
> Framed-MTU = 1500,\
> Primary-DNS-Server= 212.123.129.68, \
> Secondary-DNS-Server= 212.123.128.16
> </AuthBy>
>
> </Handler>
>
> Only the first handler doesn't work really. Here is a dump:
>
> *** Received from 195.7.137.163 port 1812 ....
> Code: Access-Request
> Identifier: 21
> Authentic: 4t<180><26><252><168>t<177><148><196>f\<10>,<206><11>
> Attributes:
> User-Name = "<163><138><188><143><159><235><242><159>5<176><177>
> o<177>X<227><219><130><157><253><223><244><226>8<156><170>6
>
><2><178>%<228>?><201><141>W<237><28><135>NssSB<135><165>w<147>iv<138>$<244>z<140>><O<255><134>L<152><150><247><209>_<19><12><241><12
>
>><160>.<140><239><255><197><241><168><190><147>J<203><223><216><254><239><205><255><229><227><155><201>:<210><154><247>T<228><20><22
>
>1>[<218><185>/(<4><168>|<252><255>|<234><139>P<230><150><11><134><231><239><255><230><131><161><7><28>y<30>,$<210>~<230><254><237>n<
>
>235>i<168><26>X<252><239><255>K<29><176><135>K<139><185>N<203><162>6cx<144>%<254><206><254><188><225>iT<208>"
> User-Password = <210>;=<220><139>O<164>a|<203><176><227>AT<17><243>2m
> <145><205><154><137><137>2Z<155><157><30>YN<11>B<28><1
>
>97><173><3><204><21>SJ<160>O<221>><4><2><4>{)<190>L<173><223>)<9>y<152><199>Kq<204><234><184><179>)u<220>K<156>d*<18>v<144><150><148
> >"<192><172><152>`3<163><167><205><130><177><133><224><180><229><7><15><254><147>
> NAS-IP-Address = 195.7.137.163
> NAS-Port = 1299
> Acct-Session-Id = "85066624"
> Interface-Index = 2555
> Supports-Tags = 0
> Service-Type = Login
> Chassis-Call-Slot = 6
> Chassis-Call-Span = 1
> Chassis-Call-Channel = 19
> Connect-Speed = NONE
> Calling-Station-Id = "0478631728"
> Called-Station-Id = ""
> NAS-Port-Type = Async
>
> Wed Feb 9 18:22:39 2000: DEBUG: Check if Handler User-Name = /\\x/ should be
> used to handle this request
> Wed Feb 9 18:22:39 2000: DEBUG: Check if Handler should be used to handle this
> request
> Wed Feb 9 18:22:39 2000: DEBUG: Handling request with Handler ''
> Wed Feb 9 18:22:39 2000: DEBUG: Rewrote user name to
> \xa3\x8a\xbc\x8f\x9f\xeb\xf2\x9f5\xb0\xb1 o\xb1x\xe3\xdb\x82\x9d\xfd\xdf\xf4\x
>
>e28\x9c\xaa6^B\xb2%\xe4?>\xc9\x8dw\xed^\\x87nsssb\x87\xa5w\x93iv\x8a$\xf4z\x8c><o\xff\x86l\x98\x96\xf7\xd1_^S^L\xf1^L\xa0.\x8c\xef\x
>
>ff\xc5\xf1\xa8\xbe\x93j\xcb\xdf\xd8\xfe\xef\xcd\xff\xe5\xe3\x9b\xc9:\xd2\x9a\xf7t\xe4^T\xdd[\xda\xb9/(^D\xa8|\xfc\xff|\xea\x8bp\xe6\
>
>x96^K\x86\xe7\xef\xff\xe6\x83\xa1^G^\y^^,$\xd2~\xe6\xfe\xedn\xebi\xa8^Zx\xfc\xef\xffk^]\xb0\x87k\x8b\xb9n\xcb\xa26cx\x90%\xfe\xce\xf
> e\xbc\xe1it\xd0
> Wed Feb 9 18:22:39 2000: DEBUG: Deleting session for
> \xa3\x8a\xbc\x8f\x9f\xeb\xf2\x9f5\xb0\xb1 o\xb1X\xe3\xdb\x82\x9d\xfd\xdf\xf4\
>
>xe28\x9c\xaa6^B\xb2%\xe4?>\xc9\x8dW\xed^\\x87NssSB\x87\xa5w\x93iv\x8a$\xf4z\x8c><O\xff\x86L\x98\x96\xf7\xd1_^S^L\xf1^L\xa0.\x8c\xef\
>
>xff\xc5\xf1\xa8\xbe\x93J\xcb\xdf\xd8\xfe\xef\xcd\xff\xe5\xe3\x9b\xc9:\xd2\x9a\xf7T\xe4^T\xdd[\xda\xb9/(^D\xa8|\xfc\xff|\xea\x8bP\xe6
>
>\x96^K\x86\xe7\xef\xff\xe6\x83\xa1^G^\y^^,$\xd2~\xe6\xfe\xedn\xebi\xa8^ZX\xfc\xef\xffK^]\xb0\x87K\x8b\xb9N\xcb\xa26cx\x90%\xfe\xce\x
> fe\xbc\xe1iT\xd0, 195.7.137.163, 1299
> Wed Feb 9 18:22:39 2000: DEBUG: Handling with Radius::AuthLDAP2
> Wed Feb 9 18:22:39 2000: DEBUG: Connecting to lrad.inside.servers, port 389
> Wed Feb 9 18:25:11 2000: DEBUG: Reading users file /etc/raddb/reject-users
> Wed Feb 9 18:25:12 2000: INFO: Server started
>
> It says that it is reading the /etc/raddb/reject-users, but also you see that it
> tries to contact the LDAP server..
>
> Why?
>
>
> Owya, this is what the reject-users file contains:
>
> DEFAULT Auth-Type = Reject
>
This actually looks like Radiator is restarting at 18:25:11 - why is that? Did
you send it a kill signal? Or are you using restartWrapper with a delay?
In any case, your regexp in <Handler User-Name = /\\x/> is clearly not working
because Radiator is skipping over that Handler and going on to the default.
What were you expecting it to catch?
It may very well be that the malformed User-Name is causing AuthLDAP2 to fall
over - it shouldn't crash Radiator though.
Could you send us a bit more information?
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
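
Why the pattern in the first Handler does not fire, as an added example (not part of the original thread and not Radiator's own code): in a Perl regexp `\\x` matches a literal backslash followed by `x`, while the `\xa3...` in the DEBUG lines is only how the log renders raw bytes. The sample name is constructed from the first bytes of the dump above; the `as_logged` helper and the byte-class pattern are assumptions for illustration, not a tested Radiator setting.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample: the first bytes of the User-Name in the dump above,
# plus an ordinary name for comparison.
my $garbage = "\xa3\x8a\xbc\x8f\x9f\xeb\xf2\x9f5\xb0\xb1";
my $normal  = "robin";

# Render a value roughly the way the DEBUG lines show it: bytes outside
# printable ASCII become \xNN escapes. (Hypothetical helper, display only.)
sub as_logged {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/ge;
    return $s;
}

# The pattern from the posted Handler: a literal backslash followed by "x".
my $posted = qr/\\x/;

# Assumed alternative: any byte outside printable ASCII.
my $nonprintable = qr/[^\x20-\x7e]/;

for my $name ($garbage, $normal) {
    printf "%-45s posted=%-8s nonprintable=%s\n",
        as_logged($name),
        ($name =~ $posted       ? 'match' : 'no match'),
        ($name =~ $nonprintable ? 'match' : 'no match');
}

# The posted pattern matches only the *rendered* text, never the raw
# bytes, which is consistent with the log skipping the first Handler.
printf "rendered text matches posted pattern: %s\n",
    (as_logged($garbage) =~ $posted ? 'yes' : 'no');
```

The raw name contains no backslash at all, so only the byte-class pattern separates it from `robin`.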
===
Archive at http://www.thesite.com.au/~radiator/