Blank spaces after username - problem with accounting -MySqldatabase.
Marinko Tarlac
mangia81 at gmail.com
Tue Jan 22 16:10:13 CET 2008
MySQL is 5.0.x
Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user '; (added
space) returns 0 records (not found)
Query SELECT * FROM `radcheck` WHERE `UserName` LIKE 'test.user'; (without
blank space) returns valid records. (password, simultaneus-use and other
check entries.
So this can be called as FreeRadius bug ?
I saw binary option so I will test it later.
Best regards and thanks for your time and ideas you gave to me.
Marinko
2008/1/22 <tnt at kalik.co.yu>:
> It's more likely to be a MySQL bug. Try the same with a user entry in
> users file - if user can authenticate with and without trailing space
> then it is freeradius bug. If SELECT ..... 'test' and SELECT .....
> 'test ' produce the same output, then the problem is with MySQL.
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 22/1/2008, "Marinko Tarlac" <mangia81 at gmail.com> piše:
>
> >Thanks but this option didn't help.
> >
> >I tried with random username and when I add blank space after username
> user
> >still can connect... Seems like a radius bug so I will try to install
> newer
> >version.
> >
> >In any case I will inform you about this... Until I fix this issue I will
> >update radacct with my own script who will remove blank spaces in
> usernames.
> >
> >
> >Best regards
> >
> >2008/1/22 <tnt at kalik.co.yu>:
> >
> >> There is a configuration line in radiusd.conf:
> >>
> >> nospace_user = yes (default is no)
> >>
> >> that will remove trailing space even when entered. By the user. It
> >> doesn't help if the trailing space is in the database.
> >>
> >> Ivan Kalik
> >> Kalik Informatika ISP
> >>
> >>
> >> Dana 22/1/2008, "Marinko Tarlac" <mangia81 at gmail.com> piše:
> >>
> >> >> Neither. The user is adding the spaces. It looks to me like
> someone
> >> >> figured out that you have test accounts. They are using the test
> >> >> accounts to log in without paying.
> >> >>
> >> >>
> >> >Well it is more than one account and they are random usernames
> (example,
> >> >mirije, drogbba, etc. )
> >> >
> >> >
> >> >> You need to to audit your configuration to ensure that you are
> using
> >> >> the user name *correctly*.
> >> >>
> >> >> e.g. this is wrong: SELECT ... %{User-Name} ...
> >> >>
> >> >> this is correct: SELECT ... '%{User-Name}' ...
> >> >>
> >> >> > One is sure. MySql seems fine and only solution I can do now is to
> >> make
> >> >> > querry "UPDATE radacct SET UserName=' test.user' WHERE
> >> >> > UserName='test.user '";
> >> >>
> >> >> -
> >> >>
> >> >
> >> >Inside sql.conf everything seems fine.
> >> >.....
> >> >sql_user_name = "%{User-Name}"
> >> >......
> >> >authorize_check_query = "SELECT id, UserName, Attribute, Value, op \
> >> > FROM ${authcheck_table} \
> >> > WHERE Username = '%{SQL-User-Name}' \
> >> > ORDER BY id"
> >> >authorize_reply_query = "SELECT id, UserName, Attribute, Value, op \
> >> > FROM ${authreply_table} \
> >> > WHERE Username = '%{SQL-User-Name}' \
> >> > ORDER BY id"
> >> >
> >> >Also, accounting queries are also the same. ???
> >> >
> >> >
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >>
> >
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080122/ddb7f30b/attachment.html>
More information about the Freeradius-Users
mailing list