Sorry to bug the list... I have had serious email problems and I found this email from archives even... ------
Now the thing about the usernames is; Actually we dont have spaces in any of our usernames. But you know the users! they make the most funny mistakes you wouldnt even imagine. Now for a support person watching the failed logins, if he/she cant see this user accidentally enters a space in the middle, front or end of the username. Then it wouldnt be nice. I just checked my radius log and I have this kind of entries... Thu Jul 24 09:50:17 2003 : Auth: Login incorrect: [%U4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4<I#VQR5[6ugU*KF:UOV[>LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%fj0k4b)G%XU4d1%K\\GWaSb6Uy\\m_\025vEH+)HC%4<I#VQR5[6ugU*KF:UOV[>LurD%*P2_G[-;:$n([j7S+BZmc#IN(&=%B`}Z] (from client as1 port 57 cli XXXX) Thu Jul 24 10:16:46 2003 : Auth: Login incorrect: [astoto ] (from client as1 port 107) Thu Jul 24 11:57:21 2003 : Auth: Login incorrect: [ENG\335N TEK] (from client as1 port 4 cli 0XXXXXX) Thu Jul 24 13:51:13 2003 : Auth: Login incorrect: [xyxxxx~j~LLL1L|IS_FfqxxxXA] (from client as1 port 38) Thu Jul 24 12:21:06 2003 : Auth: Invalid user: [<no User-Name attribute>] (from client as1 port 48 cli 02XXXXXXX) Anything is possible! Perhaps its better to get inside square brackets up to 64 characters? About the error messages, Isnt it a lot better to log the real message? For example Thu Jul 24 11:30:30 2003 : Auth: Multiple logins (max 1) [MPP attempt]: [myuser1] (from client as1 port 20119 cli 0XXXX) Thu Jul 24 11:38:08 2003 : Auth: Multiple logins (max 1) : [mmyuser2] (from client as1 port 20030) It is more explanatory and perhaps diffferent people would have more different messages anyway. I dont get the point of inserting "Login Incorrect" instead of "Login incorrect" ? :) Plus it is a lot easier to get the error message as it is from the logs if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) { $cause = (split /:/,$_)[4]; $cause =~ s/^\s+|\s+$//g; } Can get any error message easily...? I attached the unified diff output of the patch. How could I know that you want that? I am a newbie at this after all. Evren On Sat, 19 Jul 2003, Evren Yurtesen wrote: > First of all log_badlogins is getting confused if there is a space in > username. OK, although I don't like the idea of spaces inside the usernames I 've added support for that. > Also I thought it is not very efficent to give the error a name > and record this name to sql. I think its better to record the error > as it is and then recall it from mysql as it is. Well I attached a patch > for that to log_badlogins which breaks the failed_logins page which is > waiting to find the names that log_badlogins put into mysql. But the fix > for that is below also... The files were from freeradius-0.9.0-pre3 > release so patch apply to dialup_adminn log_badlogins in that release First of all the patch is not unified. Also I don't quite follow the reason for this change. > > The other problem is in truncate_radacct... it gives this error. But it > works when the commands are given line by line > > 2003-04-20 18:35:04 > DBD::mysql::db do failed: You have an error in your SQL syntax near > ';DELETE FROM radacct WHERE AcctStopTime < '2003-04-20 18:35:04';UNLOCK > TABLES' at line 1 at ./truncate_radacct line 30. OK I 've made a few changes in the binary files and it should work now.
--- log_badlogins.orig Fri Jul 18 02:58:53 2003 +++ log_badlogins Fri Jul 18 03:04:34 2003 @@ -61,46 +61,24 @@ seek LOG, 0, 2 if ($all_file eq 'no'); for(;;){ while(<LOG>){ - $do=0; chomp; if ($_ ne ''){ $user = $nas = $port = $caller = '-'; - if (/Login incorrect/){ - if (/Login incorrect \((.+?)\):/){ - $cause = "Login-Incorrect ($1)"; - }else{ - $cause='Login-Incorrect'; - } - $do=1; - } - elsif (/Invalid user/){ - if (/Invalid user \((.+?)\):/){ - $cause = "Invalid-User ($1)"; - }else{ - $cause='Invalid-User'; - } - $do=1; - } - elsif (/Multiple logins/){ - $cause='Multiple-Logins'; - $do=1; - } - elsif (/(Outside allowed timespan \(.+?\)):/){ - $cause = "$1"; - $do=1; - } - if ($do){ + #process if login is not ok + if ( ! /Login OK/ && /: Auth:.+\(from client.+/ ) { $date = (split / : /,$_)[0]; $date2 = ParseDate($date); if ($date2){ ($year,$mon,$mday,$hour,$min,$sec)=UnixDate($date2,'%Y','%m','%d','%H','%M','%S'); } $time = "$year-$mon-$mday $hour:$min:$sec"; - if (/\[([EMAIL PROTECTED])\]\s+\(from (.+?)\)/){ + $cause = (split /:/,$_)[4]; + $cause =~ s/^\s+|\s+$//g; + if (/\[([\ [EMAIL PROTECTED])\]\s+\(from (.+?)\)/){ $user = $1; ($nas,$port,$caller) = (split /\s+/,$2)[1,3,5]; } - elsif (/\[([EMAIL PROTECTED])\/.+?\]\s+\(from (.+?)\)/){ + elsif (/\[([\ [EMAIL PROTECTED])\/.+?\]\s+\(from (.+?)\)/){ $user = $1; ($nas,$port,$caller) = (split /\s+/,$2)[1,3,5]; }