Sorry to bug the list... I have had serious email problems and I found
this email from archives even...
------
Now the thing about the usernames is;
Actually we dont have spaces in any of our usernames. But you know the
users! they make the most funny mistakes you wouldnt even imagine.
Now for a support person watching the failed logins, if he/she cant see
this user accidentally enters a space in the middle, front or end of the
username. Then it wouldnt be nice.
I just checked my radius log and I have this kind of entries...
Thu Jul 24 09:50:17 2003 : Auth: Login incorrect:
[%U4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4<I#VQR5[6ugU*KF:UOV[>LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%fj0k4b)G%XU4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4<I#VQR5[6ugU*KF:UOV[>LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%B`}Z]
(from client as1 port 57 cli XXXX)
Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [astoto ] (from client as1 port
107)
Thu Jul 24 11:57:21 2003 : Auth: Login incorrect: [ENG\335N TEK] (from client as1 port
4 cli 0XXXXXX)
Thu Jul 24 13:51:13 2003 : Auth: Login incorrect: [xyxxxx~j~LLL1L|IS_FfqxxxXA] (from
client as1 port 38)
Thu Jul 24 12:21:06 2003 : Auth: Invalid user: [<no User-Name attribute>] (from client
as1 port 48 cli 02XXXXXXX)
Anything is possible! Perhaps its better to get inside square brackets up
to 64 characters?
About the error messages, Isnt it a lot better to log the real message?
For example
Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [myuser1]
(from client as1 port 20119 cli 0XXXX)
Thu Jul 24 11:38:08 2003 : Auth: Multiple logins (max 1) : [mmyuser2] (from client as1
port 20030)
It is more explanatory and perhaps diffferent people would have more
different messages anyway. I dont get the point of inserting "Login
Incorrect" instead of "Login incorrect" ? :)
Plus it is a lot easier to get the error message as it is from the logs
if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) {
$cause = (split /:/,$_)[4];
$cause =~ s/^\s+|\s+$//g;
}
Can get any error message easily...?
I attached the unified diff output of the patch. How could I know that you
want that? I am a newbie at this after all.
Evren
On Sat, 19 Jul 2003, Evren Yurtesen wrote:
> First of all log_badlogins is getting confused if there is a space in
> username.
OK, although I don't like the idea of spaces inside the usernames I 've
added
support for that.
> Also I thought it is not very efficent to give the error a name
> and record this name to sql. I think its better to record the error
> as it is and then recall it from mysql as it is. Well I attached a patch
> for that to log_badlogins which breaks the failed_logins page which is
> waiting to find the names that log_badlogins put into mysql. But the fix
> for that is below also... The files were from freeradius-0.9.0-pre3
> release so patch apply to dialup_adminn log_badlogins in that release
First of all the patch is not unified. Also I don't quite follow the
reason for
this change.
>
> The other problem is in truncate_radacct... it gives this error. But it
> works when the commands are given line by line
>
> 2003-04-20 18:35:04
> DBD::mysql::db do failed: You have an error in your SQL syntax near
> ';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK
> TABLES' at line 1 at ./truncate_radacct line 30.
OK I 've made a few changes in the binary files and it should work now.
--- log_badlogins.orig Fri Jul 18 02:58:53 2003
+++ log_badlogins Fri Jul 18 03:04:34 2003
@@ -61,46 +61,24 @@
seek LOG, 0, 2 if ($all_file eq 'no');
for(;;){
while(<LOG>){
- $do=0;
chomp;
if ($_ ne ''){
$user = $nas = $port = $caller = '-';
- if (/Login incorrect/){
- if (/Login incorrect \((.+?)\):/){
- $cause = "Login-Incorrect ($1)";
- }else{
- $cause='Login-Incorrect';
- }
- $do=1;
- }
- elsif (/Invalid user/){
- if (/Invalid user \((.+?)\):/){
- $cause = "Invalid-User ($1)";
- }else{
- $cause='Invalid-User';
- }
- $do=1;
- }
- elsif (/Multiple logins/){
- $cause='Multiple-Logins';
- $do=1;
- }
- elsif (/(Outside allowed timespan \(.+?\)):/){
- $cause = "$1";
- $do=1;
- }
- if ($do){
+ #process if login is not ok
+ if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) {
$date = (split / : /,$_)[0];
$date2 = ParseDate($date);
if ($date2){
($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S');
}
$time = "$year-$mon-$mday $hour:$min:$sec";
- if (/\[([EMAIL PROTECTED])\]\s+\(from (.+?)\)/){
+ $cause = (split /:/,$_)[4];
+ $cause =~ s/^\s+|\s+$//g;
+ if (/\[([\ [EMAIL PROTECTED])\]\s+\(from (.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
- elsif (/\[([EMAIL PROTECTED])\/.+?\]\s+\(from
(.+?)\)/){
+ elsif (/\[([\ [EMAIL PROTECTED])\/.+?\]\s+\(from
(.+?)\)/){
$user = $1;
($nas,$port,$caller) = (split /\s+/,$2)[1,3,5];
}
