Problem sanitising usernames in accounting
Ivan Kalik
tnt at kalik.net
Wed Oct 7 11:44:09 CEST 2009
> I'm seeing a problem with stripping usernames during accounting.
>
> Accounting is done on a separate physical server from the authentication
> (which works fine).
>
> Most of our users don't include a domain so their accounting works
> normally. Some users do send the domain (UOB) and this breaks the
> accounting because the backslash doesn't seem to get escaped.
>
> The account detail files have entries like User-Name = "UOB\\username"
> but when this gets inserted into the database the backslash(es) are not
> escaped and if the username starts with n, r or some other letters, the
> database sees \n, \r and inserts linebreaks and other undesirable
> characters.
>
> Then selecting from the database to generate statistics returns garbage,
> obviously.
>
> At the top of dialup.conf I replaced sql_user_name = "%{User-Name}" with
> sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" but
> Stripped-User-Name does not have a value.
>
> I'm not interested in the domain in my accounting, so does anyone have
> any guidance on how to safely strip/sanitise the usernames?
Activate ntdomain in preacct and create local realm in proxy.conf:
realm UOB {
}
That should give you Stripped-User-Name.
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list