radwtmp

Escobar, Emilio emilio.escobar at hp.com
Fri Mar 7 18:32:57 CET 2008


Try this patch and let me know if it worked for you so I can submit it to the official bugs site.

Thanks,

Emilio

-----Original Message-----
From: freeradius-users-bounces+emilio.escobar=hp.com at lists.freeradius.org [mailto:freeradius-users-bounces+emilio.escobar=hp.com at lists.freeradius.org] On Behalf Of David WU
Sent: Friday, March 07, 2008 11:21 AM
To: FreeRadius users mailing list
Subject: radwtmp


I found that the first character of login in the logout record of each login/logout pair missing, as illustrated by the attached file (logins and
host ips changed with an hex editor to anonymize the data).   This in
contrast to the local wtmp file.

I discovered this anomaly when I ran a perl script on radwtmp (which was designed to be ran on wtmp and used to find hackers - strange logins not found in the local password database).

The native 'last' command operated on radwtmp with normal results, so I suspect 'last' uses as index the host field instead of the name field.

I am running freeradius-1.1.7 and then freeradius-2.0.1 on FreeBSD 6.3-RELEASE, with the same results.


Best Regards
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix.patch
Type: application/octet-stream
Size: 691 bytes
Desc: fix.patch
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080307/078a974f/attachment.obj>


More information about the Freeradius-Users mailing list