Incorrect username being registered by freeradius
aland at deployingradius.com
Tue Jun 23 15:00:20 CEST 2020
On Jun 22, 2020, at 10:04 PM, Daniel Guimaraes Pena <daniel.pena at mpdft.mp.br> wrote:
> Hi everyone,
> My freeradius (FreeRADIUS Version 3.0.12) sometimes accept users and logs at postgre some username that just don’t exist at Active Directory. I just couldn’t debug and stopped at dead end now.
FreeRADIUS doesn't accept *any* users by default. So if it accepts a user name, it's because your local system is configured to accept them.
> Here to illustrate:
> Mon Jun 22 18:35:06 2020 : Auth: (82485) Login OK: [flaviol] (from client AP-SD1-A07-Q04 port 0 via TLS tunnel)
> Mon Jun 22 18:35:06 2020 : Auth: (82486) Login OK: [flaviol] (from client AP-SD1-A07-Q04 port 2 cli E0-5F-45-###)
> -[ RECORD 1 ]------+---------------------------------
> radacctid | 5993772
> acctsessionid | 38ED2133-00000040
> acctuniqueid | 2e3edbe1aa2069c36ac67cf96384219c
> username | e05f4588a57d
That looks like a MAC address.
> Both entries are from the same device (same MAC address),
So what's the MAC address?
> received Login OK, but the first one got that string as username. Client is not the same. But there is a lot of entries with the correct username for that client.
> The odd thing is when it happens, the same string appears to the that user all the time. For other user, a different string appears and it will be always the same.
Yes, likely because it's the MAC address of the device.
> Sorry, but this is a difficult problem to explain... Even the title of thread was difficult to choose =[
> Anyway, can anyone help me debug this problem?
> # lsb_release -a
None of that matters.
> =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.06.22 22:51:13 =~=~=~=~=~=~=~=~=~=~=~=
> freeradius -X
> Ready to process requests
How can we debug the server when you don't provide debug logs?
Read this: http://wiki.freeradius.org/list-help
More information about the Freeradius-Users