Packet-Src-IP-Address in logs
Brantley Padgett
brantleyp1 at yahoo.com
Fri Sep 16 17:48:46 UTC 2022
> In general you shouldn't have wildcard clients for the entire internet. That's bad.
Preachin to the choir... but these were the crayons I was given. :-/
> So no, there's no configuration. Just some code change.
Hooyah. That makes sense. The msg_good/badpass option works, I'll just have to update the fail2ban regex a little but that won't be any trouble.
Thanks!
Brantley Padgett
The question is not how far. The question is,
do you possess the constitution,
the depth of faith, to go as far as is needed?
-Boondock Saints
On Friday, September 16, 2022, 10:38:08 AM CDT, Alan DeKok <aland at deployingradius.com> wrote:
On Sep 16, 2022, at 11:24 AM, Brantley Padgett via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I think what I'm seeing is just differences in versions, but wanted to get some expert opinions.
The server should behave mostly the same across all 3.x versions, so long as it's configured the same.
> I have an old Solaris system running
> radiusd: FreeRADIUS Version 3.0.11, for host sparc-sun-solaris2.11, built on Jul 14 2016 at 00:32:22
>
> And a newly built Ubuntu system running the repo version
> radiusd: FreeRADIUS Version 3.0.20, for host x86_64-pc-linux-gnu, built on Apr 14 2022 at 20:32:00
>
> On the Solaris, in the logs, I see logs that look more or less like
> ```
> Fri Sep 16 15:16:03 2022 : Auth: (2303098) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [jimmy] (from client all_ipv4 port 9910 cli 112.217.164.107)
> Fri Sep 16 15:16:12 2022 : Auth: (2303099) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [gemeaux] (from client all_ipv4 port 13949 cli 184.168.126.75)
> Fri Sep 16 15:16:14 2022 : Auth: (2303100) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [root] (from client all_ipv4 port 13932 cli 209.141.59.116)
> ```
In general you shouldn't have wildcard clients for the entire internet. That's bad.
> On Ubuntu, I see less detail
> ```
> Fri Sep 16 08:49:02 2022 : Auth: (0) Login OK: [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:01 2022 : Auth: (1) Login OK: [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:06 2022 : Auth: (2) Login incorrect (No Auth-Type found: rejecting the user via Post-Auth-Type = Reject): [bpadgett] (from client all_ipv4 port 0)
> Fri Sep 16 09:15:10 2022 : Auth: (3) Login incorrect (ldap: Bind credentials incorrect: Invalid credentials): [bpadgett] (from client all_ipv4 port 0)
> ```
> (those last two were me testing wrong info or blank)
>
> I am able to get the Packet-Src-IP-Address in msg_goodpass or msg_badpass, but I'm curious if there is a configuration I'm missing otherwise.
The messages have had some minor cleanup, but they're largely the same. The only difference is the the client IP in the logs.
The IP was removed at some point. A quick check through the git history doesn't show exactly when it was done.
So no, there's no configuration. Just some code change.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list