(RADIATOR) EAP-MD5 is not striping realm

Jan Tomasek jan at tomasek.cz
Wed Aug 4 07:23:19 CDT 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,
I just fund some bug in my Radiator configuration. For some reason it don't
strip realm from user name. It search in LDAP for "(uid=semik at cesnet.cz)" but
only for EAP-MD5! EAP-TTLS and EAP-PEAP seams to be working.

Radiator configuration is attached. Please can someone check it, what am I
doing bad. Please not that in logs Radiator says that "Access accepted.." that
is just because I added uid=semik at cesnet.cz to my entry to by able continue in
testing.

Log from LDAP server:

[04/Aug/2004:13:49:18 +0200] conn=1530468 op=1 msgId=4 - SRCH
base="dc=cesnet,dc=cz" scope=2 filter="(uid=semik at cesnet.cz)"
attrs="radiusPassword"
[04/Aug/2004:13:49:18 +0200] conn=1530468 op=1 msgId=4 - RESULT err=0 tag=101
nentries=1 etime=0


Radiator LOG file (I deleted "Wed Aug  4 13:49:18 2004: DEBUG/INFO: to prevent
line wrap):

Handling request with Handler 'Realm=/^cesnet\.cz$|^radius1\.cesnet\.cz$/'
Rewrote user name to semik
Rewrote user name to semik
 Deleting session for semik at cesnet.cz, 195.113.205.155, 425
Handling with Radius::AuthLDAP2: CheckLDAP
Handling with EAP: code 2, 3, 37
Response type 4
Connecting to localhost, port 389
Attempting to bind to LDAP server localhost:389)
LDAP got result for uid=semik,ou=People,dc=cesnet,dc=cz
LDAP got radiusPassword: heslo
Radius::AuthLDAP2 looks for match with semik at cesnet.cz
Radius::AuthLDAP2 ACCEPT:
EAP result: 0,
DEBUG: Access accepted for semik
Packet dump:
*** Sending to 195.113.205.155 port 21645 ....
Code:       Access-Accept
Identifier: 254
Authentic:  <29>#l<227>,<137><152>/<189><237><<8>~<192>Z<7>
Attributes:
        Tunnel-Type = 1:VLAN
        Tunnel-Medium-Type = 1:Ether_802
        Tunnel-Private-Group-ID = 1:100


I will be very thankfull for any help
- --
- --------------------------------------------------------------
Jan Tomasek aka Semik           work: CESNET, z.s.p.o.
http://www.tomasek.cz/                Zikova 4, 160 00 Praha 6
                                      Czech Republic
phone(work): +420 2 2435 5279         http://www.cesnet.cz/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBENU279++DGvj6tMRAjAHAJ46s/4Qx748TsxTs2MjaMxwFfQQCgCgpklq
KBogv0QwOMAnoNJPorMXHtk=
=UtdR
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: radius.cfg
URL: <http://www.open.com.au/pipermail/radiator/attachments/20040804/90e28e5a/attachment.ksh>


More information about the radiator mailing list