problem with rlm_dbm_parser and DEFAULT Realms

Alan DeKok aland at deployingradius.com
Tue Apr 7 16:05:32 CEST 2009


Seamus Bridgeman wrote:
> I'd really appreciate it if anyone could clarify if they are indeed using DBM
> files with multiple DEFAULT user profiles and/or user profiles with
> duplicate usernames.

  Very few people are using the DBM module.  The "users" file is better
for small numbers of entries, and SQL DBs are better for large numbers
of entries.

> From my tests and cursory look at code (especially
> rlm_dbm_parser), it seems the key is based solely on username which won't
> work for multiple 'DEFAULT' usernames or duplicate usernames. As the
> key-value pair will be overwritten and this is what I see. Only the last
> DEFAULT Realm=xxx record exists in the DBM file.

  It does look like that's what the code does.

  In fact, looking at the git log, the last *substantive* change to the
code was in 2002.  The only other changes since then have been things
like re-generating the "configure" script, or internal server
maintenance (fixing includes, renaming functions, etc.)

  i.e. No one has touched the code in a *long* time.

> Other/Earlier Radius implementations used a combination of username and
> incremental counter to support ordered duplicate usernames. So multiple
> DEFAULTS would be read in as DEFAULT, DEFAULT\n00, DEFAULT\n01 ... when
> creating the DBM file and equally duplicate username matches would be
> returned by adding the same incremental counter when fetching.

  See the "files" module.  It does something similar, but uses instead
an entry number (called "order"), and tracks the "next" DEFAULT entry.
This is more robust than simply naming the entries "DEFAULT0",
"DEFAULT1", etc.

> This is causing an issue for us as we can't migrate from this earlier
> Radius to Freeradius 2.1.3.

  You have access to the source code.  The fixes shouldn't be too hard.

> Could I also ask if anyone is explicitly using DEFAULT Realm = xxx
> records in the DBM file and also if they are using
> regexp matches successfully (e.g. DEFAULT Realm =~ "*.domain) as the
> rlm_dbm_parser is not matching this and
> records Realm as "" (bombs out on *). I know there is a regexp fix in
> 2.1.4 but not sure if this also applies to rlm_dbm_parser.

  It doesn't.  No one has changed the rlm_dbm source code in almost 7 years.

  Alan DeKok.
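
The key collision and the counter-suffix scheme discussed in this message, as an added example that is not part of the original message and is not FreeRADIUS code. It uses Python's dbm.dumb as a stand-in DBM and assumes the "\n00" suffix means a newline followed by a two-digit counter; the entries and function names are constructed.

```python
import dbm.dumb
import os
import tempfile

# Constructed sample entries, in the order they would appear in the source file.
ENTRIES = [
    ("DEFAULT", 'Realm = "a.example"'),
    ("bob", 'Realm = "a.example"'),
    ("DEFAULT", 'Realm = "b.example"'),
    ("DEFAULT", 'Realm = "c.example"'),
]

def build_naive(path, entries):
    """Key on username only: each duplicate silently overwrites the last one."""
    with dbm.dumb.open(path, "n") as db:
        for name, profile in entries:
            db[name.encode()] = profile.encode()

def dup_key(name, n):
    # Assumed layout: bare name for the first record, then name + "\n" + counter
    # (DEFAULT, DEFAULT\n00, DEFAULT\n01, ...), as described in the quoted text.
    return name.encode() if n == 0 else f"{name}\n{n - 1:02d}".encode()

def build_ordered(path, entries):
    """Key on username plus a per-name counter so duplicates keep their order."""
    counts = {}
    with dbm.dumb.open(path, "n") as db:
        for name, profile in entries:
            n = counts.get(name, 0)
            db[dup_key(name, n)] = profile.encode()
            counts[name] = n + 1

def fetch_all(path, name):
    """Walk the counter chain and return every profile stored for name, in order."""
    found = []
    with dbm.dumb.open(path, "r") as db:
        n = 0
        while dup_key(name, n) in db:
            found.append(db[dup_key(name, n)].decode())
            n += 1
    return found

def demo():
    """Build both databases in a temp dir and return the DEFAULT profiles of each."""
    with tempfile.TemporaryDirectory() as tmp:
        naive, ordered = os.path.join(tmp, "naive"), os.path.join(tmp, "ordered")
        build_naive(naive, ENTRIES)
        build_ordered(ordered, ENTRIES)
        return fetch_all(naive, "DEFAULT"), fetch_all(ordered, "DEFAULT")
```

Comparing the number of source entries with the number of keys in the generated file is a quick check for whether a build step dropped profiles this way.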