MySQL is 5.0.x Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user '; (added space) returns 0 records (not found) Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user'; (without blank space) returns valid records. (password, simultaneus-use and other check entries. So this can be called as FreeRadius bug ? I saw binary option so I will test it later. Best regards and thanks for your time and ideas you gave to me. Marinko 2008/1/22 <tnt@kalik.co.yu>:
It's more likely to be a MySQL bug. Try the same with a user entry in users file - if user can authenticate with and without trailing space then it is freeradius bug. If SELECT ..... 'test' and SELECT ..... 'test ' produce the same output, then the problem is with MySQL.
Ivan Kalik Kalik Informatika ISP
Dana 22/1/2008, "Marinko Tarlac" <mangia81@gmail.com> piše:
Thanks but this option didn't help.
I tried with random username and when I add blank space after username user still can connect... Seems like a radius bug so I will try to install newer version.
In any case I will inform you about this... Until I fix this issue I will update radacct with my own script who will remove blank spaces in usernames.
Best regards
2008/1/22 <tnt@kalik.co.yu>:
There is a configuration line in radiusd.conf:
nospace_user = yes (default is no)
that will remove trailing space even when entered. By the user. It doesn't help if the trailing space is in the database.
Ivan Kalik Kalik Informatika ISP
Dana 22/1/2008, "Marinko Tarlac" <mangia81@gmail.com> piše:
Neither. The user is adding the spaces. It looks to me like someone figured out that you have test accounts. They are using the test accounts to log in without paying.
Well it is more than one account and they are random usernames (example, mirije, drogbba, etc. )
You need to to audit your configuration to ensure that you are using the user name *correctly*.
e.g. this is wrong: SELECT ... %{User-Name} ...
this is correct: SELECT ... '%{User-Name}' ...
One is sure. MySql seems fine and only solution I can do now is to make querry "UPDATE radacct SET UserName=' test.user' WHERE UserName='test.user '";
-
Inside sql.conf everything seems fine. ..... sql_user_name = "%{User-Name}" ...... authorize_check_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authcheck_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id" authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \ FROM ${authreply_table} \ WHERE Username = '%{SQL-User-Name}' \ ORDER BY id"
Also, accounting queries are also the same. ???
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html