Freeradius not always denying invalid users

Chris Moss cmoss28 at vci.net
Wed Sep 3 16:06:51 CEST 2008


Here is an example of a user who is turned off. This shows the invalid 
shell where it pulls out part of the passwd entry of another user. Note 
the username in this is all the same user.

Wed Sep  3 08:33:34 2008 : Auth: rlm_unix: [username]: invalid password
Wed Sep  3 08:33:34 2008 : Auth: Login incorrect: 
[username at vci.net/0844] (from client xx.xx.xx.xx port 3841982499 cli 
mdvi11100400714)

Wed Sep  3 08:33:48 2008 : Auth: rlm_unix: [username]: invalid shell 
[*one Oak United Methodist:/home/loumc:/bin/false*
Wed Sep  3 08:33:48 2008 : Auth: Login incorrect: 
[username at vci.net/0844] (from client xx.xx.xx.xx port 3841982499 cli 
mdvi11100400714)

Chris Moss
VCI Internet and Telephone
523 South 3rd St
Paducah, Ky 42003
Tel (270)442-0060
Fax (270)444-6734
1-800-755-1239
M-Th 8am - 8pm
Fri 8am - 7pm
Sat 9am - 4pm



Alan DeKok wrote:
> Chris Moss wrote:
>   
>> We've been running Freeradius for a long time without any issues. We
>> typically turn a customer off by changing the password in the passwd
>> file. We use the passwd file for authentication. The issue is
>> intermittent the customer is DSL so they will try to log in for a couple
>> of hours constantly before being allowed to connect.
>>     
>
>   What does that mean?  You turn a customer off, and then they keep
> trying to log in before they are allowed to connect?
>
>   
>> Once the connect
>> reseting their dsl connection forces them to login again. It will fail
>> at this point, like it's supposed to. First before I get into posting
>> any configs or that detail, has anyone else had similar problems?
>>     
>
>   I don't think I understand the question.
>
>   
>> Also, the logs sometimes show invalid shell with part of the passwd
>> file. Not necessarily the actual shell portion though. It may show the
>> home directory, or the shell, or even part of one of those such as
>> "/bin/fal"
>>     
>
>   The logs sometimes show something about stuff...
>
>   Can you post portions of the logs?  That would seem to be more useful
> than vague descriptions.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
> .
>
>   
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20080903/9d54b2d4/attachment.html>


More information about the Freeradius-Users mailing list