odd user authenticated...

Alan DeKok aland at deployingradius.com
Wed Sep 19 15:45:52 CEST 2007


Joe Vieira wrote:
> Hello,
>    Here is the run down on my set up.  RHEL5 64bit - freeradius 1.1.6,
> samba 3.0.23c-2, using peap(ms-chapv2)/ ntlm_auth for authentication and
> ldap for authorization.  so I have ntlm_auth configured and working
> correctly.
> everytime a specific user logs in, i see this directly after his login
> success.

  Are you sure he's not trying to do anything nefarious?

> 80986-Tue Sep 18 17:10:37 2007 : Auth: Login OK: [students\\USER/<no
> User-Password attribute>] (from client UNKNOWN-CLIENT port 0) <- user
> auth line.
> 80987:Tue Sep 18 17:10:37 2007 : Auth: Login OK:
> [RUN\\\305\355\277\255/<no User-Password attribute>] (from client wism2
> port 29 cli 00-1B-77-27-B2-48) <- freaky line
> 
> now, that looks like extended unicode to me in the username...obviously
> we don't have a user named that, or even a domain named 'RUN', moreover
> it doesn't seem like that "username" should even have been authorized
> thru the ldap rules....

  So... run in debugging mode to see what's going on.

  Alan DeKok.



More information about the Freeradius-Users mailing list