Problem sanitising usernames in accounting
Jonathan Gazeley
jonathan.gazeley at bristol.ac.uk
Wed Oct 7 12:32:54 CEST 2009
On 10/07/2009 10:44 AM, Ivan Kalik wrote:
>> I'm seeing a problem with stripping usernames during accounting.
>>
>> Accounting is done on a separate physical server from the authentication
>> (which works fine).
>>
>> Most of our users don't include a domain so their accounting works
>> normally. Some users do send the domain (UOB) and this breaks the
>> accounting because the backslash doesn't seem to get escaped.
>>
>> The account detail files have entries like User-Name = "UOB\\username"
>> but when this gets inserted into the database the backslash(es) are not
>> escaped and if the username starts with n, r or some other letters, the
>> database sees \n, \r and inserts linebreaks and other undesirable
>> characters.
>>
>> Then selecting from the database to generate statistics returns garbage,
>> obviously.
>>
>> At the top of dialup.conf I replaced sql_user_name = "%{User-Name}" with
>> sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}" but
>> Stripped-User-Name does not have a value.
>>
>> I'm not interested in the domain in my accounting, so does anyone have
>> any guidance on how to safely strip/sanitise the usernames?
>>
> Activate ntdomain in preacct and create local realm in proxy.conf:
>
> realm UOB {
> }
>
> That should give you Stripped-User-Name.
>
> Ivan Kalik
> Kalik Informatika ISP
>
Thanks, this works nicely.
More information about the Freeradius-Users
mailing list