radiusplugin-users

Re: [Radiusplugin-users] username-as-common-name


From: Dequan
Subject: Re: [Radiusplugin-users] username-as-common-name
Date: Sun, 28 Aug 2011 18:02:11 +0100

From the log output, I am assuming that the common name isn't being
rewritten as the username -- as the StatusFileKey still refers to the
certificate common name and not the username for accounting updates.

        Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler: Update for User phantomkevin.
        ...
        Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND ACCT: No accounting data was found for bob, 114.91.48.36:2671.

Having a quick look for radiusplugin.cpp, I see the section relating to
getUsernameAsCommonname:

    //rewrite the username if OpenVPN use the option username-as-comon-name
    if ( context->conf.getUsernameAsCommonname() == true )
    {
        if ( DEBUG ( context->getVerbosity() ) ) cerr << getTime() <<
            "RADIUS-PLUGIN: FOREGROUND: Commonname set to Username\n";
        user->setCommonname ( get_env ( "username", envp ) );
    }
    if ( get_env ( "common_name", envp ) !=NULL )
    {
        user->setCommonname ( get_env ( "common_name", envp ) );
    }

Out of curiosity, should these 2 IFs not be the other way around like so?

    if ( get_env ( "common_name", envp ) !=NULL )
    {
        user->setCommonname ( get_env ( "common_name", envp ) );
    }
    if ( context->conf.getUsernameAsCommonname() == true )
    {
        if ( DEBUG ( context->getVerbosity() ) ) cerr << getTime() <<
            "RADIUS-PLUGIN: FOREGROUND: Commonname set to Username\n";
        user->setCommonname ( get_env ( "username", envp ) );
    }

Surely the first code snippet would always end up setting the common name as
the certificate common name, even if getUsernameAsCommonname() == true?
Unless this was deliberate because OpenVPN does something odd -- like not
set the common name if username-as-common-name is set in the config file?


-----Original Message-----
From: Dequan [mailto:address@hidden]
Sent: 28 August 2011 17:19
To: address@hidden
Subject: username-as-common-name

Hi Ralf,

I have set my OpenVPN server to use --duplicate-cn and
--username-as-common-name, however Radiusplugin still tries to get
accounting packets under the certificate common name.

Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND:
OPENVPN_PLUGIN_AUTH_USER_PASS_VERIFY is called.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Commonname set to
Username
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Key:
114.91.48.36:2671.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: New user:
username: Sun Aug 28 17:04:59 2011 us=99952 114.91.48.36:2671 Client
random2: db1d02c5 8179dd65 7daf5d38 bbcfcfe3 e4365c24 dd9bfc41 92b9d89d
08ecf979
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND  AUTH: New user auth:
username: phantomkevin, password: *****, calling station: 114.91.48.36,
commonname: bob.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: radius_server().
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: Build password packet:  password:
*****, sharedSecret: *****.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: Send packet to 127.0.0.1.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: Get ACCESS_ACCEPT-Packet.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: parse_response_packet().
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND AUTH: routes: .
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND AUTH: framed ip: .
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND AUTH: Acct Interim
Interval: 60.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: Client config file was not
written, overwriteccfiles is false
.Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUNDRADIUS-PLUGIN:
FOREGROUND THREAD: Authentication succeeded!
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: Received routes
for user: .
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: Received framed
ip for user: .
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: Receive
acctinteriminterval 60 sec from backgroundprocess.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: Add user to
map.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: Write 1 to auth_control_file
/tmp/openvpn/ifconfig/openvpn_acf_8b7a7f29b1867a8a8ac789de86e93ae2.tmp.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND THREAD: Waiting for new
user.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND:
OPENVPN_PLUGIN_CLIENT_CONNECT is called.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Commonname set to
Username
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Key:
114.91.48.36:2671.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Set FramedIP to the IP
(10.100.0.5) OpenVPN assigned to the user phantomkevin
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Add user for
accounting: username: phantomkevin, commonname: bob
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND ACCT: Get a command.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND ACCT: New User.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND ACCT: New user acct:
username: phantomkevin, interval: 60, calling station: 114.91.48.36,
commonname: bob, framed ip: 10.100.0.5.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND-ACCT:  Get
ACCOUNTING_RESPONSE-Packet.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND ACCT: Start packet was
send.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND ACCT: User was added to
accounting scheduler.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: BACKGROUND-ACCT:  No routes for
user.
Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Accounting succeeded!

As you may be able to see, radiusplugin correctly detects
username-as-common-name, however when adding the user to accounting, it
still uses commonname = bob:

Sun Aug 28 17:04:59 2011 RADIUS-PLUGIN: FOREGROUND: Add user for
accounting: username: phantomkevin, commonname: bob

This results in the log file filling up with accounting requests such as
the below:

Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler: Update
for User phantomkevin.
Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND ACCT: Scheduler: Read
Statusfile.
Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND ACCT: No accounting
data was found for bob, 114.91.48.36:2671.
Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Get
ACCOUNTING_RESPONSE-Packet.
Sun Aug 28 17:05:03 2011 RADIUS-PLUGIN: BACKGROUND-ACCT: Scheduler: Update
packet for User phantomkevin was send.

Which shows that it is trying to look up accounting data of the
certificate common name -- bob, not the common name -- phantomkevin in
this example.

I am using the latest version -- radiusplugin_v2.1a_beta1 with the
following settings:

Overwriteccfiles=true
Useauthcontrolfile=true
Accountingonly=false
Nonfatalaccounting=false

Any idea what is causing this?
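
Added example (not part of the original messages and not radiusplugin source code): a self-contained C++ comparison of the two orderings of the common-name logic discussed above, run against a constructed environment carrying the identities from the log. The get_env() here is a stand-in written for this example, and the null checks and function names are assumptions.

```cpp
// Added illustration; not radiusplugin source code.
#include <cstring>
#include <iostream>
#include <string>

// Stand-in for the plugin's get_env(): look up NAME in an OpenVPN-style
// envp array of "NAME=value" strings; returns nullptr when absent.
static const char *get_env(const char *name, const char *envp[])
{
    const std::size_t n = std::strlen(name);
    for (int i = 0; envp && envp[i]; ++i)
        if (std::strncmp(envp[i], name, n) == 0 && envp[i][n] == '=')
            return envp[i] + n + 1;
    return nullptr;
}

// Order as quoted from radiusplugin.cpp: username first, common_name last.
// (Null checks are added here; the quoted code has none for "username".)
std::string cn_original_order(bool usernameAsCommonname, const char *envp[])
{
    std::string cn;
    if (usernameAsCommonname)
        if (const char *u = get_env("username", envp)) cn = u;
    if (const char *c = get_env("common_name", envp)) cn = c;
    return cn;
}

// Order proposed in the message: common_name first, username last.
std::string cn_swapped_order(bool usernameAsCommonname, const char *envp[])
{
    std::string cn;
    if (const char *c = get_env("common_name", envp)) cn = c;
    if (usernameAsCommonname)
        if (const char *u = get_env("username", envp)) cn = u;
    return cn;
}

// Constructed environments using the identities from the log above.
const char *sample_envp[] = { "common_name=bob", "username=phantomkevin", nullptr };
const char *no_cn_envp[]  = { "username=phantomkevin", nullptr };

int main()
{
    std::cout << "original order: " << cn_original_order(true, sample_envp) << "\n"
              << "swapped order:  " << cn_swapped_order(true, sample_envp) << "\n"
              << "original, no common_name in env: "
              << cn_original_order(true, no_cn_envp) << "\n";
}
```

With both variables present, the quoted order resolves to bob and the swapped order to phantomkevin; the quoted order yields the username only when common_name is absent from the environment.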



