Hi all,
I'm running 2.16.1 w/all patches and was wondering if there is a way to
control the sequence or order of the reply-items. For example, I have an
AddToReplyIfNotExist statement to add a port-limit and it always gets added
as the first item in the reply-list, same if I modify the source in the auth
module to add a reply. I need to have this inserted last, or after the
framed-address, because I have one NAS that won't honor the port-limit if it
comes before the framed-address.
Thanks,
Kevin
-----Original Message-----
From: Hugh Irvine <[EMAIL PROTECTED]>
To: Charles Sprickman <[EMAIL PROTECTED]>; [EMAIL PROTECTED]
<[EMAIL PROTECTED]>
Date: Thursday, July 13, 2000 8:49 PM
Subject: Re: (RADIATOR) Line Noise and garbled usernames
>
>Hello Charles -
>
>There are two aspects to what you describe below: the first is to recognise
the
>garbage logins (via regexp) and the second is to avoid passing those logins
to
>the SQL session database.
>
>For the first part of the problem, I think I would prefer to recognise the
>offending usernames and reject them. To do this I would use a Handler with
a
>negative lookahead assertion - section 13.1.20 in the 2.16.1 manual. Note
that
>the example below will match on anything that is not A-Z, a-z, 0-9, and
"-",
>"_" or "@". If your normal usernames include any other characters, you will
>have to add them to the list.
>
>And for the second part of the problem, I would define a second, INTERNAL
>session database to use for this Handler.
>
>Something like this:
>
><SessionDabatase INTERNAL>
> Identifier SDB_INTERNAL
></SessionDatabase>
>
><Handler Username = /^(?!A-Za-z0-9-_@)/>
> SessionDatabase = SDB_INTERNAL
> AuthBy Reject_User
></Handler>
>
>Obviously with the above, you would also specify an AuthBy FILE with an
>Identifier of Reject_user to reject everything.
>
>Note that the usual caveats regarding not mixing Realms and Handlers
>apply - change your existing Realms to Handlers like this:
>
><Realm .....>
> .....
></Realm>
>
>becomes
>
><Handler Realm = .....>
> .....
></Handler>
>
>Also note that Handlers are scanned in the order they appear in the
>configuration file, so the more specific must appear before the more
general.
>
>hth
>
>Hugh
>
>
>On Fri, 14 Jul 2000, Charles Sprickman wrote:
>> Hi,
>>
>> We have the occasional login where all we get garbage characters
>> for a username. I assume this is line noise or our modems not
>> playing well with other modems (we're using USR/3Com TCs) This ends up
>> producing stuff like this:
>>
>> DBD::mysql::st execute failed: You have an error in your SQL syntax near
>> (various control and escape chars here) at line 1 at
>> /usr/local/lib/perl5/site_perl/5.005/Radius/SqlDb.pm line 189.
>>
>> and:
>>
>> : You have an error in your SQL syntax near ')'' at line 1
>> Thu Jul 13 15:45:30 2000: ERR: Execute failed for 'select NASIDENTIFIER,
>> NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where
>> USERNAME='_p/zOC4(Kn)xi=_(I)
>>
>> Both of these seem to be from Radiator doing a select on the session db
to
>> see if the garbled username is online. Is there any way to get rid of
>> this? Should I try to make a regex to get rid of these characters in a
>> RewriteUsername (not sure how really, it's all binary junk)?
>>
>> Thanks,
>>
>> Charles
>>
>> | Charles Sprickman | Internet Channel
>> | INCH System Administration Team | (212)243-5200
>> | [EMAIL PROTECTED] | [EMAIL PROTECTED]
>>
>>
>> ===
>> Archive at http://www.starport.net/~radiator/
>> Announcements on [EMAIL PROTECTED]
>> To unsubscribe, email '[EMAIL PROTECTED]' with
>> 'unsubscribe radiator' in the body of the message.
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
>Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
