On Fri, 4 Aug 2000, Hugh Irvine wrote:
Now I see... Not as mysterious as I thought...
> with this configuration:
>
> <Handler User-Name = /[^a-zA-Z0-9-@.]/>
> > Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Username =
^^^^^^^^
I was missing the "-"...
Thanks for the quick response though...
Charles
> > /[^A-Za-z0-9-@.]/ should be used to handle this request
> > Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler Realm=inch.com should be
> > used to handle this request
> > Thu Aug 3 19:50:45 2000: DEBUG: Check if Handler should be used to
> > handle this request
> > Thu Aug 3 19:50:45 2000: DEBUG: Handling request with Handler ''
> > Thu Aug 3 19:50:45 2000: DEBUG: SDB_internal Deleting session for
> > st!$%nky, 203.63.154.1, 1234
> > Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthSQL
> > Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthFILE
> > Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
> > st!$%nky
> > Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE looks for match with
> > DEFAULT
> > Thu Aug 3 19:50:45 2000: DEBUG: Handling with Radius::AuthUNIX
> > Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX looks for match with
> > st!$%nky
> > Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthUNIX ACCEPT:
> > Thu Aug 3 19:50:45 2000: DEBUG: Radius::AuthFILE ACCEPT:
> > Thu Aug 3 19:50:45 2000: DEBUG: Access accepted for st!$%nky
> >
> > Weird... I KNOW you know perl regex's, so I'm guessing this is something
> > else?? The same regex works fine in a standalone test program that checks
> > strings against that regex...
> >
> > Thanks,
> >
> > Charles
> >
> > > It will match on any character that is not one of "A-Z", "a-z", "0-9", "-",
> > > "@", and ".". I also forgot the "." last time, which is a bit silly if you are
> > > accepting "@" don't you think?
> > >
> > > (sheepish) regards
> > >
> > > Hugh
> > >
> > > On Fri, 04 Aug 2000, Charles Sprickman wrote:
> > > > Hi,
> > > >
> > > > Per a previous question, I put the following handler as the first handler
> > > > in my radius.cfg:
> > > >
> > > > # This handler catches garbage logins
> > > > <Handler Username = /^(?!A-Za-z0-9-@)/>
> > > > SessionDatabase = SDB_internal
> > > > AuthBy Reject_User
> > > > </Handler>
> > > >
> > > > I'm not too good at complex regular expressions, but this one came from
> > > > Hugh, and it's supposed to match any username that does not have the
> > > > characters A-Z, a-z, 0-9, "-", or "@" in it. This was to solve the
> > > > problem of passing authentication any further when we get a garbled
> > > > username. The seperate session db is to keep the clutter out of our main
> > > > session db.
> > > >
> > > > When I actually gave it a try, I found that it was matching everything:
> > > >
> > > > (from a trace level 4)
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Rewrote user name to rrdesign
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Check if Handler Username =
> > > > /^(?!A-Za-z0-9-@)/ should be used to handle this request
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Handling request with Handler 'Username =
> > > > /^(?!A-Za-z0-9-@)/'
> > > > Thu Aug 3 17:54:01 2000: DEBUG: SDB_internal Deleting session for
> > > > rrdesign, 216.223.195.9, 1284
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Handling with Radius::AuthFILE
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > > > rrdesign
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE looks for match with
> > > > DEFAULT
> > > > Thu Aug 3 17:54:01 2000: DEBUG: Radius::AuthFILE
> > > > REJECT_IMMEDIATE: Rejected explicitly by Auth-Type=Reject
> > > > Thu Aug 3 17:54:01 2000: INFO: Access rejected for rrdesign: Rejected
> > > > explicitly by Auth-Type=Reject
> > > >
> > > > Any ideas?
> > > >
> > > > Thanks,
> > > >
> > > > Charles
> > > >
> > > > | Charles Sprickman | Internet Channel
> > > > | INCH System Administration Team | (212)243-5200
> > > > | [EMAIL PROTECTED] | [EMAIL PROTECTED]
> > > >
> > > >
> > > > ===
> > > > Archive at http://www.starport.net/~radiator/
> > > > Announcements on [EMAIL PROTECTED]
> > > > To unsubscribe, email '[EMAIL PROTECTED]' with
> > > > 'unsubscribe radiator' in the body of the message.
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> > > Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> > > Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
> > >
> > >
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
