(RADIATOR) Problem with multiple realms
Jorge Meireles
jorge.meireles at iric.up.pt
Wed Mar 24 05:47:21 CST 2004
Hello,

I have set up a system with a Cisco 1200 and Radiator 3.8 and my objective
is authenticating EAP and TTLS clients.

When I use only <Handler TunnelledByPEAP=1> or <Handler TunnelledByTTLS=1>
it works fine, but when I change it to handle PEAP and TTLS requests by realm,
like <Handler TunnelledByPEAP=1, Realm = domain1.pt>, it won't work. From the
logs, it seems it won't get into this handler.

I also need to add some items to the reply, but I can't make that work either.
Everything runs fine when these items are in the users file, but it doesn't
work when I use, for example, AddToReply User-Name=%u, User-Name=%u ,
Tunnel-Type="1:VLAN", Tunnel-Medium-Type="1:Ether_802",
Tunnel-Private-Group-ID="1:80" .

Thanks in advance,
Jorge

Radius.cfg
---------------------
Foreground
LogStdout
AuthPort 1645
AcctPort 1646
LogDir /var/log/radius
DbDir /usr/local/radiator
DictionaryFile %D/dictionary/dictionary
PidFile /var/run/radiusd.pid
Trace 4

<AuthLog FILE>
    Identifier localusers
    Filename %D/logs/localusers.log
    SuccessFormat %1:%T from %U at %N:OK
    FailureFormat %1:%T from %U at %N:FAIL
    LogSuccess 1
    LogFailure 1
</AuthLog>

<AuthLog FILE>
    Identifier roamingusers
    Filename %D/logs/roamingusers.log
    SuccessFormat %1:%T from %U at %N:OK
    FailureFormat %1:%T from %U at %N:FAIL
    LogSuccess 1
    LogFailure 1
</AuthLog>

<Client 192.168.20.80>
    Secret *************
</Client>

<Client RadiusProxy>
    Secret **********
    Identifier Proxy
</Client>

<Handler TunnelledByPEAP=1, Realm = domain1.pt>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy FILE>
        RewriteUsername s/^([^@]+).*/$1/
        Filename %D/users/users-peap_domain1
        EAPType MSCHAP-V2
        EAPTLS_PEAPVersion 0
        AddToReply User-Name=%u, User-Name=%u ,
          Tunnel-Type="1:VLAN", Tunnel-Medium-Type="1:Ether_802",
          Tunnel-Private-Group-ID="1:80"
    </AuthBy>
    AuthLog localusers
</Handler>

<Handler TunnelledByTTLS=1, Realm = domain1.pt>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy FILE>
        RewriteUsername s/^([^@]+).*/$1/
        Filename %D/users/users-ttls_domain1
        AddToReply User-Name=%u , Tunnel-Type="1:VLAN",
          Tunnel-Medium-Type="1:Ether_802", Tunnel-Private-Group-ID="1:80"
    </AuthBy>
    AuthLog localusers
</Handler>

<Handler TunnelledByPEAP=1, Realm=domain2.pt>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy FILE>
        RewriteUsername s/^([^@]+).*/$1/
        Filename %D/users/users-peap_domain2
        EAPType MSCHAP-V2
        EAPTLS_PEAPVersion 0
        AddToReply User-Name=%u
    </AuthBy>
    AuthLog localusers
</Handler>

<Handler TunnelledByTTLS=1, Realm=domain2.pt>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy FILE>
        RewriteUsername s/^([^@]+).*/$1/
        Filename %D/users/users-ttls_domain2
        AddToReply User-Name=%u
    </AuthBy>
    AuthLog localusers
</Handler>

<Handler Realm = /^domain1.pt|domain2.pt$/>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy FILE>
        EAPType TTLS, PEAP
        EAPTLS_CAFile %D/certificates/demoCA/cacert.pem
        EAPTLS_CertificateFile %D/certificates/cert-srv.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/cert-srv.pem
        EAPTLS_PrivateKeyPassword *********
        EAPTLS_MaxFragmentSize 1000
        AutoMPPEKeys
    </AuthBy>
</Handler>

<Handler Realm = /^.+$/,Client-Identifier=/^(?!Proxy$)/>
    <AuthBy RADIUS>
        Host ProxyRadius
        Secret ************
        AuthPort 1812
        AcctPort 1813
        Retries 0
        StripFromReply Tunnel-Type, Tunnel-Medium-Type,
          Tunnel-Private-Group-ID
    </AuthBy>
    AuthLog roamingusers
</Handler>
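
A check of the Realm patterns in the posted Handler lines, added here as an example and not part of the original post or of Radiator: it shows which realms the outer handler's regex accepts beyond the two it names. It assumes a /.../ check value is tested as a regular expression against the realm and any other value by exact comparison; the probe realms and the anchored pattern are constructed for illustration.

```python
import re

# Handler lines copied from the posted Radius.cfg.
HANDLER_LINES = [
    "<Handler TunnelledByPEAP=1, Realm = domain1.pt>",
    "<Handler Realm = /^domain1.pt|domain2.pt$/>",
    "<Handler Realm = /^.+$/,Client-Identifier=/^(?!Proxy$)/>",
]
INTENDED = {"domain1.pt", "domain2.pt"}  # realms the local handlers name
# Constructed probe realms (not from the original post).
PROBES = ["domain1.pt", "domain2.pt", "domain1.pt.example.net",
          "otherdomain2.pt", "domain1xpt", "example.org"]
# Constructed alternative: alternation grouped, dots escaped (a suggestion,
# not a pattern taken from the post).
ANCHORED = r"/^(domain1\.pt|domain2\.pt)$/"


def realm_check(handler_line):
    """Return the Realm check value from a <Handler ...> line, or None."""
    m = re.search(r"Realm\s*=\s*(/.*?/|[^,>\s]+)", handler_line)
    return m.group(1) if m else None


def matches(check, realm):
    """Assumed semantics: regex search for /.../, exact compare otherwise."""
    if len(check) > 1 and check.startswith("/") and check.endswith("/"):
        return re.search(check[1:-1], realm) is not None
    return check == realm


def over_matches(check):
    """Probe realms the check accepts although the config never names them."""
    return [r for r in PROBES if r not in INTENDED and matches(check, r)]


if __name__ == "__main__":
    posted = realm_check(HANDLER_LINES[1])
    for label, check in (("posted", posted), ("anchored", ANCHORED)):
        print(f"{label:8} {check:32} unintended: {over_matches(check)}")
```

In the posted pattern `^` binds only to `domain1.pt` and `$` only to `domain2.pt`, and each `.` matches any character, so requests for those unintended realms would be handled locally instead of reaching the proxy handler.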