Packet-Src-IP-Address in logs
Alan DeKok
aland at deployingradius.com
Fri Sep 16 15:37:50 UTC 2022
On Sep 16, 2022, at 11:24 AM, Brantley Padgett via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I think what I'm seeing is just differences in versions, but wanted to get some expert opinions.
The server should behave mostly the same across all 3.x versions, so long as it's configured the same.
> I have an old Solaris system running
> radiusd: FreeRADIUS Version 3.0.11, for host sparc-sun-solaris2.11, built on Jul 14 2016 at 00:32:22
>
> And a newly built Ubuntu system running the repo version
> radiusd: FreeRADIUS Version 3.0.20, for host x86_64-pc-linux-gnu, built on Apr 14 2022 at 20:32:00
>
> On the Solaris, in the logs, I see logs that look more or less like
> ```
> Fri Sep 16 15:16:03 2022 : Auth: (2303098) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [jimmy] (from client all_ipv4 port 9910 cli 112.217.164.107)
> Fri Sep 16 15:16:12 2022 : Auth: (2303099) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [gemeaux] (from client all_ipv4 port 13949 cli 184.168.126.75)
> Fri Sep 16 15:16:14 2022 : Auth: (2303100) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [root] (from client all_ipv4 port 13932 cli 209.141.59.116)
> ```
In general you shouldn't have wildcard clients for the entire internet. That's bad.
> On Ubuntu, I see less detail
> ```
> Fri Sep 16 08:49:02 2022 : Auth: (0) Login OK: [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:01 2022 : Auth: (1) Login OK: [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:06 2022 : Auth: (2) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:10 2022 : Auth: (3) Login incorrect (ldap: Bind credentials incorrect: Invalid credentials): [bpadgett] (from client all_ipv4 port 0)
> ```
> (those last two were me testing wrong info or blank)
>
> I am able to get the Packet-Src-IP-Address in msg_goodpass or msg_badpass, but I'm curious if there is a configuration I'm missing otherwise.
The messages have had some minor cleanup, but they're largely the same. The only difference is the the client IP in the logs.
The IP was removed at some point. A quick check through the git history doesn't show exactly when it was done.
So no, there's no configuration. Just some code change.
Alan DeKok.
More information about the Freeradius-Users
mailing list