Hi all,
It occassionally (sometimes frequently) happens that the NAS sends some control characters as username and password. Could it be line noise or DOS? I'm not quite sure. Here is a debug output (from the Home Server FRv0.8.1): rad_recv: Access-Request packet from host x.x.x.100:1814, id=134, length=368 User-Name = "\225\247+\037\230O:?}\263\334\374\310I\223\005\3174\226g\377%p8/\301\300\271\260MYT\021\t\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354A%\214\365-\367\027o" User-Password = "\315f\365+\266|z\210\3241\364'@\256\241\205\2468\271U\0060E\004\021\200\243\271\224\016<\036\230\224\333!'4\330\272O\366Oo)F\031\264\256\017\006T\240\343\025\024\205\252\021%G\247\362\346\273=\375H\007\201\372\250\361\2527\202\016\312\305)\277\305\204_\350\241\367\301\256\002\365?\365f?\242N\362\013"\325" NAS-IP-Address = x.x.x.196 NAS-Identifier = "x.x.x.196" NAS-Port = 1794 Acct-Session-Id = "117512730" USR-Interface-Index = 3050 USR-Supports-Tags = 0 Service-Type = Login-User USR-Chassis-Call-Slot = 8 USR-Chassis-Call-Span = 16 USR-Chassis-Call-Channel = 2 USR-Connect-Speed = NONE NAS-Port-Type = Async Proxy-State = 0x3936 rad_lowerpair: User-Name now '?§+??o:?}³ÜüÈi??Ï4?gÿ%p8/ÁÀ¹°myt??àfªç?þ?,dÖÚ#1e§¦æ(?ð³?®?¥?«]?È?.$voïÖký6Î?d^.?ËÄûìa%?õ-÷?o' rad_rmspace_pair: User-Name now '?§+??o:?}³ÜüÈi??Ï4?gÿ%p8/ÁÀ¹°myt?àfªç?þ?,dÖÚ#1e§¦æ(?ð³?®?¥?«]?È?.$voïÖký6Î?d^.?ËÄûìa%?õ-÷?o' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok users: Matched DEFAULT at 176 modcall[authorize]: module "files" returns ok rlm_ldap: - authorize rlm_ldap: performing user authorization for ?§+??o:?}³ÜüÈi??Ï4?gÿ%p8/ÁÀ¹°myt?àfªç?þ?,dÖÚ#1e§¦æ(?ð³?®?¥?«]?È?.$voïÖký6Î?d^.?ËÄûìa%?õ-÷?o radius_xlat: '(uid=\225\247+\037\230o:?}\263\334\374\310i\223\005\3174\226g\377%p8/\301\300\271\260myt\021\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354a%\214\365-\367' radius_xlat: 'ou=radius,dc=company,dc=com,dc=ph' ldap_get_conn: Got Id: 0 rlm_ldap: attempting LDAP reconnection rlm_ldap: (re)connect to ldap.compass.com.ph:389, authentication 0 rlm_ldap: bind as / to ldap.compass.com.ph:389 rlm_ldap: waiting for bind result ... rlm_ldap: performing search in ou=radius,dc=company,dc=com,dc=ph, with filter (uid=\225\247+\037\230o:?}\263\334\374\310i\223\005\3174\226g\377%p8/\301\300\271\260myt\021\340f\252\347\026\376\220,d\326\332#1e\247\246\346(\025\360\263\022\256\025\245\001\253]\005\310\240.$vo\357\326k\3756\316\007d^.\216\313\304\373\354a%\214\365-\367 rlm_ldap: ldap_search() failed: Bad search filter rlm_ldap: search failed ldap_release_conn: Release Id: 0 ...and then it dies. Segmentation fault. It's the same username and password values on the proxy server (FR v0.8.1). It didn't crash the proxy server though. For sure, this is not a "secret" problem. Any suggestions on how to filter these kinds of username values? Thanks! regards, Alexis - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html