Hello Charles -
There are two aspects to what you describe below: the first is to recognise the
garbage logins (via regexp) and the second is to avoid passing those logins to
the SQL session database.
For the first part of the problem, I think I would prefer to recognise the
offending usernames and reject them. To do this I would use a Handler with a
negative lookahead assertion - section 13.1.20 in the 2.16.1 manual. Note that
the example below will match on anything that is not A-Z, a-z, 0-9, and "-",
"_" or "@". If your normal usernames include any other characters, you will
have to add them to the list.
And for the second part of the problem, I would define a second, INTERNAL
session database to use for this Handler.
Something like this:
<SessionDabatase INTERNAL>
Identifier SDB_INTERNAL
</SessionDatabase>
<Handler Username = /^(?!A-Za-z0-9-_@)/>
SessionDatabase = SDB_INTERNAL
AuthBy Reject_User
</Handler>
Obviously with the above, you would also specify an AuthBy FILE with an
Identifier of Reject_user to reject everything.
Note that the usual caveats regarding not mixing Realms and Handlers
apply - change your existing Realms to Handlers like this:
<Realm .....>
.....
</Realm>
becomes
<Handler Realm = .....>
.....
</Handler>
Also note that Handlers are scanned in the order they appear in the
configuration file, so the more specific must appear before the more general.
hth
Hugh
On Fri, 14 Jul 2000, Charles Sprickman wrote:
> Hi,
>
> We have the occasional login where all we get garbage characters
> for a username. I assume this is line noise or our modems not
> playing well with other modems (we're using USR/3Com TCs) This ends up
> producing stuff like this:
>
> DBD::mysql::st execute failed: You have an error in your SQL syntax near
> (various control and escape chars here) at line 1 at
> /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
>
> and:
>
> : You have an error in your SQL syntax near ')'' at line 1
> Thu Jul 13 15:45:30 2000: ERR: Execute failed for 'select NASIDENTIFIER,
> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
> USERNAME='_p/zOC4(Kn)xi=_(I)
>
> Both of these seem to be from Radiator doing a select on the session db to
> see if the garbled username is online. Is there any way to get rid of
> this? Should I try to make a regex to get rid of these characters in a
> RewriteUsername (not sure how really, it's all binary junk)?
>
> Thanks,
>
> Charles
>
> | Charles Sprickman | Internet Channel
> | INCH System Administration Team | (212)243-5200
> | [EMAIL PROTECTED] | [EMAIL PROTECTED]
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
