This is on FreeRADIUS Version 1.1.7. I use 'mysql' to authenticate users.
I had one customer use a name something like "fred @domain.dom" - ie -
there is a space after 'fred' and before the '@' sign.
This was being logged in my 'radacct' table with the space intact.
I've since managed to find the customer and fix the 'space'.
I've also changed radiusd.conf ...
nospace_user = before
nospace_pass = before
(nospace_pass - seems like a good idea as well!)
(Both were previously set to "no")
The user was authentication just fine - so some sort of stripping of the
realm was happening before validation - so some sort of "ignore the
space" appears to have been happening...
but what I'd like to know is will "nospace_user = before" fix future
problems of this sort? ????
In addition - in my SQL statement - if the user does not provide a realm
- then I append a default realm - which also may have allowed the name
to authenticate... (I have some old users who are set in their ways). I
see I also compare the two parts (username and realm) separately.
authorize_check_query = "SELECT userid as id,UserName,'Password' as
Attribute,password as Value,'==' as op FROM useracct WHERE
Username='%{Stripped-User-Name}' AND realm=( case when '%{Realm}'='NULL'
then 'domain.dom' else '%{Realm}' end) AND status>2 ORDER BY id"
--
. . ___. .__ Posix Systems - Sth Africa
/| /| / /__ [EMAIL PROTECTED] - Mark J Elkins, SCO ACE, Cisco CCIE
/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
