Hello Karel -
At 15:42 +0200 01/7/30, [EMAIL PROTECTED] wrote:
> Hello there,
> We recently started billing our customers, but now I'm confronted with users trying to get a workaround.
> In our authentication we make use of an LDAP server. Users are now trying to log in with characters like:
> * and \
> The LDAP authentication succeeds (with e.g. * being interpreted as a wild card), and next the billing fails at first -> user not found (we manually make sure the record does get recorded).
> Question:
> How do I prevent authentication from succeeding?
> Do I need to use PreAuthHook code to reject these creative users?
> Any suggestions?

This topic has been discussed many times on the list, however my
recommendation is always to set up a special Handler to reject such
usernames immediately. Obviously, you must use Handlers in your
configuration file to be able to do this:
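# set up AuthBy to reject everything
<AuthBy FILE>
	# the Identifier name is illustrative; Filename points at the
	# reject.users file shown below (%D is Radiator's DbDir, adjust to suit)
	Identifier RejectIllegalUsernames
	Filename %D/reject.users
</AuthBy>
# set up a Handler to reject illegal characters in usernames
# this will reject all characters not in the list
<Handler User-Name = /[^A-Za-z0-9\.\-\_\@]/>
	# hand any matching request to the reject-everything AuthBy above
	AuthBy RejectIllegalUsernames
</Handler>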
And the file "reject.users" would contain this:
# reject.users
DEFAULT Auth-Type = Reject
Note that in the next version of Radiator you will be able to do
this with a global parameter in the configuration file.
hth
Hugh
--
NB: I am travelling this week, so there may be delays in our correspondence.
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux,
FreeBSD, Windows 95/98/2000, NT, MacOS X.
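
The allow-list check from the Handler above, together with RFC 4515 escaping of the value placed into an LDAP search filter, as an added Python example (not part of the original thread and not Radiator code). It goes beyond the thread by showing the filter escaping as a second layer; the `uid` attribute, the function names and the sample usernames are constructed assumptions.

```python
import re

# Same allow-list as the Handler regexp: any character outside this set is illegal.
ILLEGAL = re.compile(r"[^A-Za-z0-9.\-_@]")

# RFC 4515: characters that are special inside an LDAP filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def username_allowed(username: str) -> bool:
    """True only if every character is in the allow-list.

    Empty names are rejected as well; that is an addition, the Handler
    regexp on its own would not match an empty User-Name.
    """
    return bool(username) and ILLEGAL.search(username) is None


def escape_filter_value(value: str) -> str:
    """Escape a value so the LDAP server treats it as literal text."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def naive_filter(username: str, attr: str = "uid") -> str:
    """Unsafe construction: '*' turns the filter into a presence/wildcard match."""
    return f"({attr}={username})"


def build_filter(username: str, attr: str = "uid") -> str:
    """Reject illegal names first, then escape anyway as defence in depth."""
    if not username_allowed(username):
        raise ValueError(f"illegal character in username: {username!r}")
    return f"({attr}={escape_filter_value(username)})"


# Constructed sample usernames, including the '*' and '\' cases from the thread.
SAMPLES = ["karel", "karel@example.com", "*", "k*", "a\\b"]


def triage(names):
    """Return {name: (allowed, naive_filter, escaped_filter)} for each name."""
    return {n: (username_allowed(n), naive_filter(n),
                f"(uid={escape_filter_value(n)})") for n in names}


if __name__ == "__main__":
    for name, (ok, naive, safe) in triage(SAMPLES).items():
        print(f"{name!r:22} allowed={ok!s:5} naive={naive:14} escaped={safe}")
```

Rejecting at the RADIUS layer keeps the wildcard name from ever reaching LDAP or billing; the escaping only matters for code paths that build filters without that check in front of them.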
