[RADIATOR] Set Realm
Zod Mansour
zod at reachlocal.com
Tue Dec 15 10:54:46 CST 2009
Need examples for each. I can't picture how a DefaultRealm solves the
issue while I want to change the name of 2 Realms! As for
PreHandlerHook there is only one example in the goodies and I don't
see any objects/variables that I can change there to change the Realm.
thx,
Zod
On Dec 14, 2009, at 8:42 PM, Hugh Irvine wrote:
>
> Hello Zod -
>
> In this case I suggest either a DefaultRealm in the Client clause,
> or a PreHandlerHook in the outer AuthBy clause to alter the username.
>
> regards
>
> Hugh
>
>
> On 15 Dec 2009, at 12:41, Zod Mansour wrote:
>
>>
>>
>> I am still not being passed to the correct TunneledByTTLS handler.
>> The Realm does not get tacked on:
>>
>> LogDir /var/log/radius
>> DbDir /etc/radiator
>> # Use a low trace level in production systems. Increase
>> # it to 4 or 5 for debugging, or use the -trace flag to radiusd
>> Trace 4
>>
>> #RewriteUsername s/(.*)\\(.*)/$1/
>> # Listen for RADIUS requests from the Cisco WLAN controller @ 10.10.19.35
>>
>> <Client 10.10.19.35>
>> Secret sZ#1S!4k[T*<aCD~rY1^3=Z}\GHE-Wc-.K!f4'yQk9-F~(>?**-MN`qqt3hByAJ
>> DupInterval 10
>> # Identifier rlwlc1
>> </Client>
>>
>> <Handler Called-Station-Id = /rlwireless/>
>> RewriteUsername s/(.*)/$1\@RLWIRELESS/
>> <AuthBy FILE>
>> #RewriteUsername s/^RLCORP\\([^@]+).*/$1/
>> EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
>> EAPTLS_CAFile %D/cert/cacert.pem
>> EAPTLS_CertificateFile /etc/radiator/cert/server.key.pem
>> EAPTLS_PrivateKeyFile %D/cert/radius.key
>> EAPTLS_CertificateType PEM
>> AutoMPPEKeys
>> </AuthBy>
>> </Handler>
>> <Handler Called-Station-Id = /rltechops/>
>> <AuthBy FILE>
>> EAPType PEAP,TTLS,TLS,MD5,Generic-Token,LEAP,MSCHAP-V2,FAST
>> EAPTLS_CAFile %D/cert/cacert.pem
>> EAPTLS_CertificateFile /etc/radiator/cert/server.key.pem
>> EAPTLS_PrivateKeyFile %D/cert/radius.key
>> EAPTLS_CertificateType PEM
>> EAPAnonymous %0@RLTECHOPS
>> AutoMPPEKeys
>> # If you want to disable rltechops comment out above and uncomment below
>> # <AuthBy INTERNAL>
>> # DefaultResult Reject
>> # </AuthBy>
>> </AuthBy>
>> </Handler>
>>
>> <Handler TunnelledByTTLS=1, Realm=RLTECHOPS>
>> # RewriteUsername s/(.*)\\(.*)/$2/
>> RewriteUsername s/(.*)\@(.*)/$1/
>> <AuthBy LDAP2>
>> Debug 255
>> ServerChecksPassword
>> NoDefault
>> Host localhost
>> Port 389
>> BaseDN dc=reachlocal,dc=com
>> # see /etc/openldap/slapd.conf
>> AuthDN cn=Manager, dc=domain, dc=com
>> AuthPassword rxxxxxxxx
>> UsernameAttr uid
>> PasswordAttr userPassword
>> AddToReply Service-Type = Framed-User, Framed-Protocol = PPP,Tunnel-Type = 0:VLAN,Tunnel-Medium-Type = 0:802,Tunnel-Private-Group-ID = 30
>> </AuthBy>
>> </Handler>
>> <Handler TunnelledByTTLS=1>
>> RewriteUsername s/(.*)\\(.*)/$2/
>> RewriteUsername s/(.*)\@(.*)/$1/
>> <AuthBy LDAP2>
>> Debug 255
>> ServerChecksPassword
>> NoDefault
>> Host localhost
>> Port 389
>> BaseDN dc=reachlocal,dc=com
>> # see /etc/openldap/slapd.conf
>> AuthDN cn=Manager, dc=domain, dc=com
>> AuthPassword xxxxxxxx
>> UsernameAttr uid
>> PasswordAttr userPassword
>> AddToReply Service-Type = Framed-User, Framed-Protocol = PPP,TUNNEL_TYPE=VLAN,TUNNEL_MEDIUM_TYPE=802,TUNNEL_GROUP_ID=28
>> AutoMPPEKeys
>> </AuthBy>
>> </Handler>
>>
>>
>
>
>
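Added example, not part of the original thread and not Radiator's own code: one way the body of the PreHandlerHook suggested above could set the realm of the inner username from the SSID in the outer request's Called-Station-Id, so that the Realm= handler (and the VLAN it assigns) is chosen by the network the client joined rather than by what the client typed. Assumptions: the hook receives a reference to the inner request, the outer request is reachable as {outerRequest}, and requests offer get_attr/change_attr; the sub name, the SSID map and the StubRequest stand-in are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# SSID fragment (as matched in the Handler clauses) -> realm to force.
my %REALM_FOR_SSID = (rlwireless => 'RLWIRELESS', rltechops => 'RLTECHOPS');

# Hook body. Assumption: Radiator passes a reference to the inner request
# and exposes the outer request as $inner->{outerRequest}.
sub set_inner_realm {
    my $inner  = ${ $_[0] };
    my $outer  = $inner->{outerRequest} or return;
    my $called = $outer->get_attr('Called-Station-Id') // '';
    my $user   = $inner->get_attr('User-Name') // '';

    # Discard whatever realm or DOMAIN\ prefix the client typed, so the
    # client cannot pick the Realm= handler (and its VLAN) by itself.
    $user =~ s/\@.*\z//s;
    $user =~ s/\A.*\\//s;
    return if $user eq '';

    for my $ssid (sort keys %REALM_FOR_SSID) {
        next unless $called =~ /\Q$ssid\E/i;
        $user .= '@' . $REALM_FOR_SSID{$ssid};
        last;
    }
    # Unknown SSID: the bare name falls through to the realm-less handler.
    $inner->change_attr('User-Name', $user);
    return;
}

# Constructed stand-in for a Radiator request object, for running offline.
package StubRequest;
sub new         { my ($class, %attrs) = @_; return bless({ attrs => {%attrs} }, $class) }
sub get_attr    { return $_[0]{attrs}{ $_[1] } }
sub change_attr { $_[0]{attrs}{ $_[1] } = $_[2]; return }

package main;

# Constructed sample: client on the rltechops SSID claiming another realm.
my $outer = StubRequest->new('Called-Station-Id' => '00-11-22-33-44-55:rltechops');
my $inner = StubRequest->new('User-Name' => 'RLCORP\\zod@RLWIRELESS');
$inner->{outerRequest} = $outer;
set_inner_realm(\$inner);
print $inner->get_attr('User-Name'), "\n";
```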