Blank spaces after username - problem with accounting - MySqldatabase.

Marinko Tarlac mangia81 at gmail.com
Tue Jan 22 15:17:23 CET 2008


Thanks but this option didn't help.

I tried with random username and when I add blank space after username user
still can connect... Seems like a radius bug so I will try to install newer
version.

In any case I will inform you about this... Until I fix this issue I will
update radacct with my own script who will remove blank spaces in usernames.


Best regards

2008/1/22 <tnt at kalik.co.yu>:

> There is a configuration line in radiusd.conf:
>
> nospace_user = yes (default is no)
>
> that will remove trailing space even when entered. By the user. It
> doesn't help if the trailing space is in the database.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 22/1/2008, "Marinko Tarlac" <mangia81 at gmail.com> piše:
>
> >>  Neither.  The user is adding the spaces.  It looks to me like someone
> >> figured out that you have test accounts.  They are using the test
> >> accounts to log in without paying.
> >>
> >>
> >Well it is more than one account and they are random usernames (example,
> >mirije, drogbba, etc. )
> >
> >
> >>  You need to to audit your configuration to ensure that you are using
> >> the user name *correctly*.
> >>
> >>  e.g. this is wrong: SELECT ... %{User-Name} ...
> >>
> >>  this is correct:    SELECT ... '%{User-Name}' ...
> >>
> >> > One is sure. MySql seems fine and only solution I can do now is to
> make
> >> > querry "UPDATE radacct SET UserName=' test.user' WHERE
> >> > UserName='test.user  '";
> >>
> >> -
> >>
> >
> >Inside sql.conf everything seems fine.
> >.....
> >sql_user_name = "%{User-Name}"
> >......
> >authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
> >          FROM ${authcheck_table} \
> >          WHERE Username = '%{SQL-User-Name}' \
> >          ORDER BY id"
> >authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
> >          FROM ${authreply_table} \
> >          WHERE Username = '%{SQL-User-Name}' \
> >          ORDER BY id"
> >
> >Also, accounting queries are also the same. ???
> >
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080122/6603d7a6/attachment.html>


More information about the Freeradius-Users mailing list