From MAILER-DAEMON Tue Mar 04 02:46:05 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18q77k-0006Fh-00 for mharc-bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 02:46:04 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18q77h-0006Dw-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 02:46:01 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18q77g-0006Dg-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 02:46:01 -0500 Received: from daffy.bay.net.au ([203.19.7.14]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18q77f-00063B-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 02:46:00 -0500 Received: from daveslap ([203.19.7.21]) by daffy.bay.net.au (8.11.6/linuxconf) with SMTP id h247kp421321 for ; Tue, 4 Mar 2003 18:46:51 +1100 Message-ID: <006201c2e222$116089a0$150713cb@daveslap> From: "dave keller" To: Date: Tue, 4 Mar 2003 18:45:46 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: [Bug-gnu-radius] Space In Username causes authentication issue. X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Tue, 04 Mar 2003 07:46:02 -0000 Hi All, I'm currently running v0.96.4 and when an invalid username with a space in it attempts to authenticate, gnu radius seems to allow the login.. The radius.log comes up with a Malformed username error, but all other indicators show that the user has logged in. The detail file contains start and stop records, but we don't get an entry in the detail.auth file. /var/log/radius.log entries Mar 04 12:41:03: Main.error: Malformed username: [Ian Gillies] (from nas XXX) Mar 04 12:41:05: Main.error: Malformed username: [Ian Gillies] (from nas XXX) Mar 04 12:41:06: Main.error: Malformed username: [Ian Gillies] (from nas XXX) Any Ideas?? Thanks in advance Ciao Dave. From MAILER-DAEMON Tue Mar 04 03:07:57 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18q7Su-0002kt-00 for mharc-bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:07:56 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18q7SL-0002Op-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:07:21 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18q7SF-0002EH-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:07:16 -0500 Received: from ns1.farlep.net ([213.130.0.1] helo=Mirddin.farlep.net) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18q7S8-0001qb-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:07:09 -0500 Organization: Farlep-Internet Received: (from gray@localhost) by Mirddin.farlep.net id h247vmH02951; Tue, 4 Mar 2003 09:57:48 +0200 Date: Tue, 4 Mar 2003 09:57:48 +0200 From: Sergey Poznyakoff Message-Id: <200303040757.h247vmH02951@Mirddin.farlep.net> References: <006201c2e222$116089a0$150713cb@daveslap> In-Reply-To: Your message of Tue, 4 Mar 2003 18:45:46 +1100 <006201c2e222$116089a0$150713cb@daveslap> Subject: Re: [Bug-gnu-radius] Space In Username causes authentication issue. To: , X-Mailer: mail (GNU Mailutils 0.3) X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Tue, 04 Mar 2003 08:07:55 -0000 > I'm currently running v0.96.4 and when an invalid username with a space in > it attempts to authenticate, gnu radius seems to allow the login.. No, it doesn't. It drops any authentication packet containing an invalid username without responding to it. Regards, Sergey From MAILER-DAEMON Tue Mar 04 03:28:43 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18q7ms-0002R8-00 for mharc-bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:28:34 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18q7mW-0001aR-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:28:12 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18q7mI-0001RT-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:27:59 -0500 Received: from daffy.bay.net.au ([203.19.7.14]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18q7mH-0001MF-00 for bug-gnu-radius@gnu.org; Tue, 04 Mar 2003 03:27:58 -0500 Received: from daveslap ([203.19.7.21]) by daffy.bay.net.au (8.11.6/linuxconf) with SMTP id h248Sn421821; Tue, 4 Mar 2003 19:28:49 +1100 Message-ID: <008201c2e227$ee5169b0$150713cb@daveslap> From: "dave keller" To: "Sergey Poznyakoff" , References: <006201c2e222$116089a0$150713cb@daveslap> <200303040757.h247vmH02951@Mirddin.farlep.net> Subject: Re: [Bug-gnu-radius] Space In Username causes authentication issue. Date: Tue, 4 Mar 2003 19:27:36 +1100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Tue, 04 Mar 2003 08:28:32 -0000 Thanks mate!! Have done further testing/checking, the auth packet is coming via a proxy... So it seems that their could b something there causing the problem. Have sent a grumpy email to the ISP we buy dialup ports from to get them to fix their problem. Ciao Dave. ----- Original Message ----- From: "Sergey Poznyakoff" To: ; Sent: Tuesday, March 04, 2003 6:57 PM Subject: Re: [Bug-gnu-radius] Space In Username causes authentication issue. > > I'm currently running v0.96.4 and when an invalid username with a space in > > it attempts to authenticate, gnu radius seems to allow the login.. > > No, it doesn't. It drops any authentication packet containing an invalid > username without responding to it. > > Regards, > Sergey > From MAILER-DAEMON Mon Mar 17 03:19:46 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18upq8-0004w2-00 for mharc-bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 03:19:24 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18uppT-0004SU-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 03:18:43 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18uppH-00044S-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 03:18:33 -0500 Received: from office.imt.com.ua ([212.109.53.33] helo=pool.imt.com.ua) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18upp8-0002ky-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 03:18:22 -0500 Received: from pool.imt.com.ua (localhost [127.0.0.1]) by pool.imt.com.ua (8.12.6/8.12.6) with ESMTP id h2H8I30h072145 for ; Mon, 17 Mar 2003 10:18:03 +0200 (EET) (envelope-from ant@imt.com.ua) Received: from localhost (ant@localhost) by pool.imt.com.ua (8.12.6/8.12.6/Submit) with ESMTP id h2H8Hx94072138 for ; Mon, 17 Mar 2003 10:18:03 +0200 (EET) Date: Mon, 17 Mar 2003 10:17:59 +0200 (EET) From: Andriy Tkachuk To: bug-gnu-radius@gnu.org Message-ID: <20030317101548.E71921-100000@pool.imt.com.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Subject: [Bug-gnu-radius] is it bug or not? X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Mon, 17 Mar 2003 08:19:18 -0000 It seems to me that radiusd drops the start request from the queue if there already stop comes regardless of request-cleanup-delay parameter, is it right? And if it is isn't it an bug? Thanks, Andriy. -- Because strait is the gate, and narrow is the way, which leadeth unto life, and few there be that find it. (MAT 7:14) Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you... (MAT 7:7) ANT17-RIPE From MAILER-DAEMON Mon Mar 17 04:17:36 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18uqkO-0000SJ-00 for mharc-bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:17:32 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18uqkA-00009v-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:17:18 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18uqk7-00005O-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:17:16 -0500 Received: from mirddin.farlep.net ([213.130.0.1]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18uqid-0007jR-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:15:43 -0500 Organization: Farlep-Internet Received: from Mirddin.farlep.net (localhost [127.0.0.1]) by Mirddin.farlep.net with ESMTP id h2H9Fcg19124; Mon, 17 Mar 2003 11:15:38 +0200 Message-Id: <200303170915.h2H9Fcg19124@Mirddin.farlep.net> To: "Andriy Tkachuk" Subject: Re: [Bug-gnu-radius] is it bug or not? In-reply-to: Your message of Mon, 17 Mar 2003 10:17:59 +0200 (EET) <20030317101548.E71921-100000@pool.imt.com.ua> References: <20030317101548.E71921-100000@pool.imt.com.ua> X-Mailer: MH (GNU Mailutils 0.3) Date: Mon, 17 Mar 2003 11:15:38 +0200 From: Sergey Poznyakoff cc: bug-gnu-radius@gnu.org X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Mon, 17 Mar 2003 09:17:26 -0000 > It seems to me that radiusd drops > the start request from the queue if > there already stop comes regardless of > request-cleanup-delay parameter No, it does not. A request is dropped only when its lifetime expires. Regards, Sergey From MAILER-DAEMON Mon Mar 17 04:44:05 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18ur9x-0000O7-00 for mharc-bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:43:57 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18ur9Y-00005t-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:43:32 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18ur9U-0008TU-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:43:31 -0500 Received: from office.imt.com.ua ([212.109.53.33] helo=pool.imt.com.ua) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18ur9K-0007kH-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 04:43:18 -0500 Received: from pool.imt.com.ua (localhost [127.0.0.1]) by pool.imt.com.ua (8.12.6/8.12.6) with ESMTP id h2H9hD0h072908; Mon, 17 Mar 2003 11:43:13 +0200 (EET) (envelope-from ant@imt.com.ua) Received: from localhost (ant@localhost)h2H9hCMl072905; Mon, 17 Mar 2003 11:43:13 +0200 (EET) Date: Mon, 17 Mar 2003 11:43:12 +0200 (EET) From: Andriy Tkachuk To: Sergey Poznyakoff Subject: Re: [Bug-gnu-radius] is it bug or not? In-Reply-To: <200303170915.h2H9Fcg19124@Mirddin.farlep.net> Message-ID: <20030317112220.C72270-100000@pool.imt.com.ua> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: bug-gnu-radius@gnu.org X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Mon, 17 Mar 2003 09:43:55 -0000 Hi, Sergey. (0.96.4) info radius: `time-to-live' Sets the request time-to-live in seconds. The time-to-live is the time to wait for the completion of the request. If the request job isn't completed within this interval of time it is cleared, the corresponding child process killed and the request removed from the queue. `request-cleanup-delay' Sets the request cleanup delay in seconds, i.e. determines how long will the completed account request reside in the queue. On Mon, 17 Mar 2003, Sergey Poznyakoff wrote: > > It seems to me that radiusd drops > > the start request from the queue if > > there already stop comes regardless of > > request-cleanup-delay parameter > > No, it does not. A request is dropped only when its lifetime expires. you mean request-cleanup-delay ? or time-to-live? (i think, that it might be request-cleanup-delay) so, i have in my config: request-cleanup-delay 60; for acct but there are such situations: (there are requests with same session-id) Sat Mar 15 11:17:10 2003 ^^^^^^^^^^^^^^^^^^^^^^^ Acct-Session-Id = 7818 Cisco-h323-call-origin = h323-call-origin=answer Cisco-AVPair = h323-incoming-conf-id=BC6377CC 55FD11D7 947CC0E3 217358FE Cisco-AVPair = subscriber=RegularLine User-Name = null Acct-Status-Type = Start ^^^^^ NAS-Port-Type = Async Cisco-PRI-Circuit = ISDN 2:D:27 NAS-Port-Id = 27 Cisco-AVPair = interface=ISDN 2:D:27 Calling-Station-Id = 4907364 Called-Station-Id = 78123947838 Service-Type = Login-User NAS-IP-Address = bb (i changed it here) Acct-Delay-Time = 0 Orig-NAS-Port-Id = 0 Voip-Call-Leg-Type = answer Timestamp = 1047719830 Request-Authenticator = Verified Sat Mar 15 11:17:11 2003 ^^^^^^^^^^^^^^^^^^^^^^^^ Acct-Session-Id = 7818 Cisco-h323-call-origin = h323-call-origin=answer Cisco-AVPair = h323-incoming-conf-id=BC6377CC 55FD11D7 947CC0E3 217358FE Cisco-AVPair = subscriber=RegularLine Acct-Input-Octets = 0 Acct-Output-Octets = 0 Acct-Input-Packets = 0 Acct-Output-Packets = 0 Acct-Session-Time = 0 Cisco-h323-disconnect-cause = h323-disconnect-cause=22 Cisco-AVPair = h323-ivr-out=Tariff:Unknown Cisco-AVPair = gw-rxd-cdn=78123947838 Cisco-AVPair = gw-rxd-cgn=4907364 Acct-Status-Type = Stop ^^^^ NAS-Port-Type = Async Cisco-PRI-Circuit = ISDN 2:D:27 NAS-Port-Id = 27 Cisco-AVPair = interface=ISDN 2:D:27 Calling-Station-Id = 4907364 Called-Station-Id = 78123947838 Service-Type = Login-User NAS-IP-Address = bb Acct-Delay-Time = 0 Orig-NAS-Port-Id = 0 Voip-Disconnect-Cause = 34 Voip-Call-Leg-Type = answer Timestamp = 1047719831 Request-Authenticator = Verified Sat Mar 15 11:17:25 2003 ^^^^^^^^^^^^^^^^^^^^^^^^ Acct-Session-Id = 7818 Cisco-h323-call-origin = h323-call-origin=answer Cisco-AVPair = h323-incoming-conf-id=BC6377CC 55FD11D7 947CC0E3 217358FE Cisco-AVPair = subscriber=RegularLine User-Name = null Acct-Status-Type = Start ^^^^^ NAS-Port-Type = Async Cisco-PRI-Circuit = ISDN 2:D:27 NAS-Port-Id = 27 Cisco-AVPair = interface=ISDN 2:D:27 Calling-Station-Id = 4907364 Called-Station-Id = 78123947838 Service-Type = Login-User NAS-IP-Address = bb Acct-Delay-Time = 15 Orig-NAS-Port-Id = 0 Voip-Call-Leg-Type = answer Timestamp = 1047719845 Request-Authenticator = Verified and radiusd does not recognize the it as duplicate and as the result invokes acct_start_query What do you think about this, Sergey? Am i miss something? Thank you in advance. > > Regards, > Sergey > -- Because strait is the gate, and narrow is the way, which leadeth unto life, and few there be that find it. (MAT 7:14) Ask, and it shall be given you; seek, and ye shall find; knock, and it shall be opened unto you... (MAT 7:7) ANT17-RIPE From MAILER-DAEMON Mon Mar 17 05:06:49 2003 Received: from list by monty-python.gnu.org with archive (Exim 4.10.13) id 18urVO-0007JN-00 for mharc-bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 05:06:06 -0500 Received: from list by monty-python.gnu.org with tmda-scanned (Exim 4.10.13) id 18urVK-00079w-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 05:06:02 -0500 Received: from mail by monty-python.gnu.org with spam-scanned (Exim 4.10.13) id 18urVF-0006x5-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 05:05:57 -0500 Received: from mirddin.farlep.net ([213.130.0.1]) by monty-python.gnu.org with esmtp (Exim 4.10.13) id 18urV8-0006mQ-00 for bug-gnu-radius@gnu.org; Mon, 17 Mar 2003 05:05:50 -0500 Organization: Farlep-Internet Received: from Mirddin.farlep.net (localhost [127.0.0.1]) by Mirddin.farlep.net with ESMTP id h2HA5Ug22964; Mon, 17 Mar 2003 12:05:30 +0200 Message-Id: <200303171005.h2HA5Ug22964@Mirddin.farlep.net> To: "Andriy Tkachuk" Subject: Re: [Bug-gnu-radius] is it bug or not? In-reply-to: Your message of Mon, 17 Mar 2003 11:43:12 +0200 (EET) <20030317112220.C72270-100000@pool.imt.com.ua> References: <200303170915.h2H9Fcg19124@Mirddin.farlep.net> <20030317112220.C72270-100000@pool.imt.com.ua> X-Mailer: MH (GNU Mailutils 0.3) Date: Mon, 17 Mar 2003 12:05:30 +0200 From: Sergey Poznyakoff cc: bug-gnu-radius@gnu.org X-BeenThere: bug-gnu-radius@gnu.org X-Mailman-Version: 2.1b5 Precedence: list List-Id: Bug reports for GNU Radius List-Help: List-Post: List-Subscribe: , List-Archive: List-Unsubscribe: , X-List-Received-Date: Mon, 17 Mar 2003 10:06:04 -0000 > and radiusd does not recognize the it as duplicate Recognition of duplicates is based on the value of request identifier and authenticator. In your case failure to recognize the duplicates means that the NAS has changed the identifier or the authenticator (or both) between the requests. Enabling debugging level "radius.c"=1 will show which of the items has changed. To work aroung the problem you will have to use extended comparison. For more info, please refer to http://www.gnu.org/software/radius/manual/html_chapter/radius_6.html#SEC16 and http://www.gnu.org/software/radius/manual/html_chapter/radius_9.html#SEC74 Regards, Sergey