odd user authenticated...
Alan DeKok
aland at deployingradius.com
Wed Sep 19 15:45:52 CEST 2007
Joe Vieira wrote:
> Hello,
> Here is the run down on my set up. RHEL5 64bit - freeradius 1.1.6,
> samba 3.0.23c-2, using peap(ms-chapv2)/ ntlm_auth for authentication and
> ldap for authorization. so I have ntlm_auth configured and working
> correctly.
> everytime a specific user logs in, i see this directly after his login
> success.
Are you sure he's not trying to do anything nefarious?
> 80986-Tue Sep 18 17:10:37 2007 : Auth: Login OK: [students\\USER/<no
> User-Password attribute>] (from client UNKNOWN-CLIENT port 0) <- user
> auth line.
> 80987:Tue Sep 18 17:10:37 2007 : Auth: Login OK:
> [RUN\\\305\355\277\255/<no User-Password attribute>] (from client wism2
> port 29 cli 00-1B-77-27-B2-48) <- freaky line
>
> now, that looks like extended unicode to me in the username...obviously
> we don't have a user named that, or even a domain named 'RUN', moreover
> it doesn't seem like that "username" should even have been authorized
> thru the ldap rules....
So... run in debugging mode to see what's going on.
Alan DeKok.
More information about the Freeradius-Users
mailing list