<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Alan,<br>
<br>
Previously FreeRADIUS was installed using yum (CentOS 4.0), and I
just did a yum search for freeradius and no new update is available.
If I get the latest RPM and install it manually, will the
current configuration work with the latest FreeRADIUS? I'm
a bit worried about upgrading the RPM on the fly, as this server is currently
in production. Looking for your advice on this matter.<br>
<br>
Regards<br>
<br>
cktan wrote:
<blockquote cite="mid:4A13D93A.20906@ocesb.com.my" type="cite">
Dear Alan,<br>
<br>
The FreeRADIUS version is 1.0.1. I will try to upgrade to the
latest version to see whether that fixes it. Thanks for your suggestion.<br>
<br>
Regards<br>
<br>
Alan DeKok wrote:
<blockquote cite="mid:4A13D4DD.1040704@deployingradius.com"
type="cite">
<pre wrap="">cktan wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi all,
I've been using freeradius+LDAP for PPPoE dialup access control for a
while. Lately I noticed a weird issue whereby a user logs in with the
username "user=5C=5C=5C=5Cuser@domain" and, surprisingly, freeradius
allows the login although the actual username should be "user@domain".
</pre>
</blockquote>
<pre wrap=""><!---->
  FreeRADIUS receives the User-Name that the NAS sends it, and asks LDAP
if it's OK.
</pre>
<blockquote type="cite">
<pre wrap="">I've run radiusd in -X mode and captured the log for your reference as
below. In radiusd -X, we noticed the server received an Access-Request with
username "user=5C=5C=5C=5Cuser@domain", but when it reaches radius_xlat,
the uid becomes "user" only, and when it queries my LDAP the account
for "user" is available and it accepts the access request.
</pre>
</blockquote>
<pre wrap=""><!---->
The "radius_xlat" doesn't delete '=5C' from the User-Name.
</pre>
<blockquote type="cite">
<pre wrap="">The question is why "user=5C=5C=5C=5Cuser" = "user"?
</pre>
</blockquote>
<pre wrap=""><!---->
If the User-Name is that in the Access-Request, it's because that's
what the user typed. The usual reason for the user typing this is
because they are trying to cheat you.
</pre>
<blockquote type="cite">
<pre wrap="">We tried the username
with xC (i.e. 1C, 2C, 3C and so on...) and all are able to log in because
radius will take it as user@domain.
</pre>
</blockquote>
<pre wrap=""><!---->
I'm not sure I agree.
</pre>
<blockquote type="cite">
<pre wrap="">After login, the username in radacct
will become "user=5C=5C=5C=5Cuser@domain" instead of "user@domain". As
a consequence, a smart user may have multiple logins (by using
user=1C/2C/3C....) and the records in radacct are different, and therefore
we will lose control of multiple logins with a single account. Any idea
how to fix this?
</pre>
</blockquote>
<pre wrap=""><!---->
Which version of FreeRADIUS are you running? I suspect that it's
older than 1.1.7, which means it's a bug that was fixed *many* years ago.
Upgrade to 2.1.6, and the problem will go away.
Alan DeKok.
-
List info/subscribe/unsubscribe? See <a moz-do-not-send="true"
class="moz-txt-link-freetext"
href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
</blockquote>
</body>
</html>