Serious Bug, vouchers get deleted from radcheck table
The professional way to manage your WiFi network using FreeRADIUS
Brought to you by:
dvdwalt
Menu
▾
▴
Hi Dirk,
i'm facing a strange behaviour last days:
Some vouchers returns the error "Not Registered" and i have verified tha associated attributes on radcheck are missing.
I'm able to sort out which vouchers have been compromised by this query:
SELECT v.name, v.realm, v.batch, v.profile, v.created, v.status, v.expire, v.time_valid FROM vouchers v left join radcheck r on v.name = r.username where r.attribute IS NULL;
Since yesterday the vouchers with this problems grows up of 500+ users without any work in the frontend.
I guess there's a script in crontab may cause this.
Please let me know how to fix this problem
Thanks you in advance
Regards
Fabrizio
update:
the bug should be caused by this cron script:
30 2 * * * www-data /usr/share/nginx/html/cake2/rd_cake/Console/cake -app /usr/share/nginx/html/cake2/rd_cake OptimiseUserStats >> /dev/null 2>&1
Regards
Fabrizio
Hi Fabrizio,
Something similar is happening to my permanent users!!
have you just disabled the cron script or do you have a fix??
Thank you
Denis
Hi,
the same happened to me. Does anyone know why it happens?
I used this query to restore my voucher users, but I have no clue why it happened. I could not find anything i the OptimiseUserStats script that should cause this. Did you?
Does upgrading to latest version help?
For others with the same problem, i've restored my vouchers by using these queries:
; Fix vouchers insert into radcheck(username, op, attribute, value) SELECT v.name, ":=", "Cleartext-Password", v.password FROM vouchers v left join radcheck r on v.name = r.username and r.attribute ="Cleartext-Password" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.name, ":=", "Rd-User-Type", "voucher" FROM vouchers v left join radcheck r on v.name = r.username and r.attribute ="Rd-User-Type" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.name, ":=", "Rd-Realm", v.realm FROM vouchers v left join radcheck r on v.name = r.username and r.attribute ="Rd-Realm" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.name, ":=", "User-Profile", v.profile FROM vouchers v left join radcheck r on v.name = r.username and r.attribute ="User-Profile" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.name, ":=", "Rd-Voucher", v.time_valid FROM vouchers v left join radcheck r on v.name = r.username and r.attribute ="Rd-Voucher" where r.attribute IS NULL; ; Fix some parts of permanent users insert into radcheck(username, op, attribute, value) SELECT v.username, ":=", "Rd-User-Type", "user" FROM permanent_users v left join radcheck r on v.username = r.username and r.attribute ="Rd-User-Type" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.username, ":=", "Rd-Realm", v.realm FROM permanent_users v left join radcheck r on v.username = r.username and r.attribute ="Rd-Realm" where r.attribute IS NULL; insert into radcheck(username, op, attribute, value) SELECT v.username, ":=", "User-Profile", v.profile FROM permanent_users v left join radcheck r on v.username = r.username and r.attribute ="User-Profile" where r.attribute IS NULL;And this query shows permanant users that still are fubar. This gives suggestions for password for the radius log, by showing the accecpted password(s) for each user.
SELECT v.username, ":=", "Cleartext-Password", passes.pass FROM permanent_users v left join radcheck r on v.username = r.username and r.attribute ="Cleartext-Password" join (SELECT DISTINCTROW username, pass FROM `radpostauth` where reply ="Access-Accept" AND pass NOT LIKE "0x%") as passes on v.username = passes.username where r.attribute IS NULLthis is what I did, it seem work.
cd /usr/share/nginx/html
vi cake2/rd_cake/Config/RadiusDesk.php
change 90 as 0
//== 30/3/16 -> Some server wide configurations ==
$config['server_settings']['user_stats_cut_off_days'] = 0; //3 months (make zero to have no cut off)
$config['server_settings']['radacct_cut_off_days'] = 0; //3 months (make zero to have no cut off)
//== End server wide configurations ==
@Allen Thanks a lot. You saved my day.