Hugh:

After a little further investigation I found the culprit. The characters %s in a user name will kill the Radiator process every time. Have added a RewriteUsername rule ( s/%//g ) to remove the % sign from any strings before they are authenticated and this seems to do the trick as a workaround. I will check out the UsernameCharset parameter. Thanks for the quick reply.

David Miller
System Engineer -- Newport Internet
[EMAIL PROTECTED]

At 11:23 AM 3/15/02 +1100, Hugh Irvine wrote:
>Hello David -
>
>Thanks for reporting this - we will investigate the cause and make sure it
>doesn't happen again.
>
>Meanwhile, you should really use the UsernameCharset parameter to specify the
>acceptable characters that a user can enter.
>
>Have a look at section 6.4.30 in the Radiator 2.19 reference manual.
>("doc/ref.html").
>
>regards
>
>Hugh
>
>
>On Fri, 15 Mar 2002 10:25, David Miller wrote:
> > Hi all:
> > I work at a small ISP and we use Radiator (2.19) running on RedHat Linux
> > (7.1) to authenticate dial-up users onto our system. Today for the first
> > time since we started using Radiator it died unexpectedly on the primary
> > and secondary servers. The last line to be logged from each server was the
> > same, a failed login that contained nothing but garbage as the user name
> > (we see these all the time from Windows boxes that are in bad need of a
> > reboot). Since the last line in each log was the same I did a little
> > testing with radpwtst and found the following string, when supplied as the
> > user name, will kill Radiator every time in our environment.
> >
> > ~?~?~&fn,uv~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?~?b0%sjgr~?~?~?~
> >
> > This came as quite a surprise as we have been running Radiator here for six
> > months and never experienced even so much as a hiccup. Any light that
> > someone could shed on this would be appreciated. I have started exploring
> > the use of the restartWrapper to restart Radiator in the event of a repeat
> > occurrence. Thanks for a great product and superb support.
> >
> > Regards,
> > David Miller
> > System Engineer -- Newport Internet
> > [EMAIL PROTECTED]
> >
> >
> > config file follows:
> > -------------------------------------------
> > # radius.cfg
> > # Created for use at Newport Internet
> > # Author: David Miller ([EMAIL PROTECTED])
> > #
> > # Uses replicated MySql session database on localhost and 10.10.10.18 using
> > # private network address. RADONLINE table must have columns for the
> > # rewritten user name (USERNAME), and user name as supplied by the NAS
> > # (NASUSERNAME).
> > # Uses snmpget program to verify DefaultSimultaneous-Use violations
> > # Uses SNMPAgent clause to allow snmp queries of Radiator server.
> > # Logs accounting packets to the details file, as well as the ACCOUNTING
> > # table of the RADIUS database.
> > # Logs log messages to RADLOG table of RADIUS database.
> > #
> > #=====================
> > # Global Parameters
> > #=====================
> > LogDir /var/log/radius
> > DbDir /etc/radiator/raddb
> >
> > AuthPort 1645
> > AcctPort 1646
> >
> > # Use a low trace level in production systems. Increase
> > # it to 4 or 5 for debugging, or use the -trace flag to radiusd
> > Trace 3
> > #Trace 5
> >
> > # Log file, in form of logfile.dd_Mmm_yyy
> > LogFile %L/logfile.%d_%v_%Y
> >
> > # Username Rewrite Rules. Strip off realm name, change to lowercase, and remove
> > # any whitespace.
> > RewriteUsername s/^([^@]+).*/$1/
> > RewriteUsername tr/A-Z/a-z/
> > RewriteUsername s/\s+//g
> >
> > # location of snmpget program
> > SnmpgetProg /usr/bin/snmpget
> >
> > # must define LivingstonHole as 0 to get snmpget to work properly
> > LivingstonHole 0
> >
> > # SNMP Agent -- allow snmp queries of Radiator server
> > <SNMPAgent>
> >     ROCommunity xxxxxxx
> >     BindAddress 10.10.10.17
> >     Managers 10.10.10.122 localhost
> > </SNMPAgent>
> >
> > #===========
> > # Clients
> > #===========
> > <Client aaa.bbb.ccc.ddd>
> >     Secret xxxxxx
> >     DupInterval 2
> >     NasType Portmaster3
> >     SNMPCommunity xxxxxx
> > </Client>
> >
> > <Client aaa.bbb.ccc.eee>
> >     Secret xxxxxx
> >     DupInterval 2
> >     NasType Portmaster3
> >     SNMPCommunity xxxxxx
> > </Client>
> >
> > <Client aaa.bbb.ccc.fff>
> >     Secret xxxxxx
> >     DupInterval 2
> >     NasType Portmaster3
> >     SNMPCommunity xxxxxx
> > </Client>
> >
> > <Client aaa.bbb.ccc.ggg>
> >     Secret xxxxxx
> >     DupInterval 2
> >     NasType Portmaster3
> >     SNMPCommunity xxxxxx
> > </Client>
> >
> > #===============
> > # test clients
> > #===============
> > <Client aaa.bbb.ccc.hhh>
> >     Secret xxxxxx
> > </Client>
> >
> > <Client 127.0.0.1>
> >     Secret xxxxxx
> > </Client>
> >
> > #===============
> > # SQL Logger
> > #===============
> > <Log SQL>
> >     Identifier SQLLogger
> >     DBSource dbi:mysql:RADIUS
> >     DBUsername raduser
> >     DBAuth xxxxxx
> >
> >     Table RADLOG
> >     LogQuery insert into RADLOG (TIME_STAMP, PRIORITY, MESSAGE) \
> >         values ('%Y-%m-%d %H:%M:%S', '%1', %2 );
> >     Trace 3
> > </Log SQL>
> >
> > #==================
> > # Session Database
> > #==================
> > <SessionDatabase SQL>
> >     Identifier RadiusSessionDB
> >     # primary (localhost) session database
> >     DBSource dbi:mysql:RADIUS
> >     DBUsername raduser
> >     DBAuth xxxxxx
> >
> >     # secondary session database
> >     DBSource dbi:mysql:RADIUS:10.10.10.18
> >     DBUsername raduser
> >     DBAuth xxxxxx
> >
> >     AddQuery insert into RADONLINE \
> >         (USERNAME, NASUSERNAME, NASIDENTIFIER, NASPORT, ACCTSESSIONID, TIME_STAMP, \
> >         ACCTDELAYTIME, FRAMEDIPADDRESS, NASPORTTYPE, SERVICETYPE) \
> >         values ('%n', '%u', '%N', '0%{NAS-Port}', \
> >         '%{Acct-Session-Id}', '%{Timestamp}', \
> >         '%{Acct-Delay-Time}', '%{Framed-IP-Address}', \
> >         '%{NAS-Port-Type}', '%{Service-Type}');
> >
> >     DeleteQuery delete from RADONLINE \
> >         where NASIDENTIFIER = '%N' and NASPORT = '0%{NAS-Port}';
> >
> >     ClearNasQuery delete from RADONLINE where NASIDENTIFIER = '%N';
> >
> >     CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> >         where USERNAME = '%n';
> > </SessionDatabase SQL>
> >
> > #==================
> > # AuthBy clauses
> > #==================
> > <AuthBy SQL>
> >     Identifier SQLAccountingStarts
> >     DBSource dbi:mysql:RADIUS
> >     DBUsername raduser
> >     DBAuth xxxxxx
> >
> >     # empty AuthSelect clause, no authentication
> >     AuthSelect
> >     # we only want starts
> >     AccountingStartsOnly
> >
> >     #Accounting table definition
> >     AccountingTable ACCOUNTING
> >     AcctColumnDef USERNAME, User-Name
> >     AcctColumnDef TIME_STAMP, Timestamp, integer
> >     AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
> >     AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
> >     AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
> >     AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
> >     AcctColumnDef ACCTSESSIONID, Acct-Session-Id
> >     AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
> >     AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause, integer
> >     AcctColumnDef NASIDENTIFIER, NAS-IP-Address
> >     AcctColumnDef NASPORT, NAS-Port, integer
> >     AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
> > </AuthBy>
> >
> > <AuthBy SQL>
> >     Identifier SQLAccountingStops
> >     DBSource dbi:mysql:RADIUS
> >     DBUsername raduser
> >     DBAuth xxxxxx
> >
> >     # empty AuthSelect clause, no authentication
> >     AuthSelect
> >
> >     # we only want stop packets
> >     AccountingStopsOnly
> >
> >     #Accounting table definition
> >     AccountingTable ACCOUNTING
> >     AcctColumnDef USERNAME, User-Name
> >     AcctColumnDef TIME_STAMP, Timestamp, integer
> >     AcctColumnDef ACCTSTATUSTYPE, Acct-Status-Type
> >     AcctColumnDef ACCTDELAYTIME, Acct-Delay-Time, integer
> >     AcctColumnDef ACCTINPUTOCTETS, Acct-Input-Octets, integer
> >     AcctColumnDef ACCTOUTPUTOCTETS, Acct-Output-Octets, integer
> >     AcctColumnDef ACCTSESSIONID, Acct-Session-Id
> >     AcctColumnDef ACCTSESSIONTIME, Acct-Session-Time, integer
> >     AcctColumnDef ACCTTERMINATECAUSE, Acct-Terminate-Cause, integer
> >     AcctColumnDef NASIDENTIFIER, NAS-IP-Address
> >     AcctColumnDef NASPORT, NAS-Port, integer
> >     AcctColumnDef FRAMEDIPADDRESS, Framed-IP-Address
> >
> >     # AcctSQL Statements
> > </AuthBy>
> >
> > <AuthBy FILE>
> >     Identifier UserFile
> >     Filename %D/users
> >     CaseInsensitivePasswords # passwords case insensitive
> >     DefaultSimultaneousUse 1 # Can be overridden on a per user basis.
> > </AuthBy>
> >
> > #==================
> > # Realms
> > #==================
> > <Realm DEFAULT>
> >     # Session Database to use
> >     SessionDatabase RadiusSessionDB
> >
> >     # AuthBy Policy -- we continue always
> >     AuthByPolicy ContinueAlways
> >
> >     AuthBy SQLAccountingStarts
> >     AuthBy SQLAccountingStops
> >     AuthBy UserFile
> >
> >     # Log accounting to a detail file
> >     # Detail filename in form of detail.dd_Mmm_yyy
> >     AcctLogFileName %L/detail.%d_%v_%Y
> > </Realm>
> >
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
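
The s/%//g workaround and the UsernameCharset advice from this thread, compared side by side in an added example that is not part of the original messages and is not Radiator's own code. The config's RewriteUsername rules are modelled as Perl subs; the allow-list character set, the check_username helper and the sample names are assumptions constructed for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# RewriteUsername rules from the posted radius.cfg, in order, then the
# s/%//g workaround from the reply. Modelled here as subs that edit $_[0]
# in place; this is not Radiator's own code.
my @rewrite = (
    sub { $_[0] =~ s/^([^@]+).*/$1/ },   # strip realm
    sub { $_[0] =~ tr/A-Z/a-z/ },        # lowercase
    sub { $_[0] =~ s/\s+//g },           # remove whitespace
    sub { $_[0] =~ s/%//g },             # workaround: remove '%'
);

# Assumed allow-list in the spirit of UsernameCharset (character set chosen
# for this example, not taken from the page or the manual).
my $allowed = qr/\A[a-z0-9._-]+\z/;

# Hypothetical helper: returns the rewritten name and whether the
# allow-list accepts it.
sub check_username {
    my ($name) = @_;
    $_->($name) for @rewrite;
    return ($name, $name =~ $allowed ? 1 : 0);
}

# Constructed sample names; the last is a shortened form of the reported one.
my @samples = (
    'Alice@Example.NET',
    'b0%sjgr',
    '~?~&fn,uv~?b0%sjgr~?',
);

for my $raw (@samples) {
    my ($name, $ok) = check_username($raw);
    printf "%-22s -> %-20s %s\n", $raw, $name, $ok ? 'accept' : 'reject';
}
```

With only the rewrite rules, the shortened garbage name still goes on to authentication with its % sign removed; the allow-list check rejects it outright.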