Hi,
Per a previous question, I put the following handler as the first handler
in my radius.cfg:
# This handler catches garbage logins
<Handler Username = /^(?!A-Za-z0-9-@)/>
SessionDatabase = SDB_internal
AuthBy Reject_User
</Handler>
I'm not too good at complex regular expressions, but this one came from
Hugh, and it's supposed to match any username that does not have the
characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the
problem of passing authentication any further when we get a garbled
username. The seperate session db is to keep the clutter out of our main
session db.
When I actually gave it a try, I found that it was matching everything:
(from a trace level 4)
Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign
Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username =
/^(?!A-Za-z0-9-@)/ should be used to handle this request
Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username =
/^(?!A-Za-z0-9-@)/'
Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for
rrdesign, 216.223.195.9, 1284
Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE
Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
rrdesign
Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE
REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject
Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected
explicitly by Auth-Type=Reject
Any ideas?
Thanks,
Charles
| Charles Sprickman | Internet Channel
| INCH System Administration Team | (212)243-5200
| [EMAIL PROTECTED] | [EMAIL PROTECTED]
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
