(RADIATOR) [radiator] RewriteUserName and authentication failure
Hugh Irvine
hugh at open.com.au
Wed May 18 20:21:07 CDT 2005
Salut Stephane -
The problem here is that MSCHAP-V2 requires the full username as
entered by the user, hence you cannot use RewriteUsername.
This is a limitation of MSCHAP-V2, not Radiator.
regards
Hugh
On 19 May 2005, at 02:24, DELORT Stephane wrote:
> Hello,
>
> I experienced a strange problem using the RewriteUserName in my
> config file :
>
> Here is what works :
>
> #C:\Perl\bin>perl radpwtst -s MYRADIUS -secret s3cr3t -mschapv2 -user hcover -password hcover
>
> <Realm DEFAULT>
> # Look up user details in a flat file
> <AuthBy LSA>
> DefaultDomain krb.com
> EAPType MSCHAP-V2
> </AuthBy>
> # Log accounting to a detail file. %D is replaced by DbDir above
> AcctLogFileName %D/detail
> </Realm>
>
>
> And what does not work :
>
> #C:\Perl\bin>perl radpwtst -s MYRADIUS -secret s3cr3t -mschapv2 -user hcover@krb.com -password hcover
>
> <Realm krb.com>
> #Strip realm
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy LSA>
> Domain krb.com
> EAPType MSCHAP-V2
> </AuthBy>
> </Realm>
>
> The thing is that in both cases I get :
> "Wed May 18 18:12:45 2005: DEBUG: Radius::AuthLSA looks for
> match with hcover"
> This makes me think that it should be OK.
> But in the first case, with RewriteUserName, I have :
> "Wed May 18 18:16:13 2005: WARNING: Could not
> LogonUserNetworkMSCHAP (V2): 3221225581, 0, fail to open a session:
> username or password unknown."
>
> Obviously, my first thought was wrong and I must have missed something.
>
> Thanks in advance for any help,
> Stéphane
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
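The following is an added illustration, not part of the original message and not Radiator code: in MS-CHAP-V2 (RFC 2759, ChallengeHash) the peer mixes the username it was given into the 8-octet challenge that its NT-Response is computed over, so a verifier working from a rewritten name derives a different challenge. The challenge values are constructed samples, and `strip_realm` is a hypothetical Python stand-in for the `RewriteUsername` expression quoted in the thread.

```python
import hashlib
import re


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash(): first 8 octets of
    SHA1(PeerChallenge || AuthenticatorChallenge || UserName)."""
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    material = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(material).digest()[:8]


def strip_realm(username: str) -> str:
    """Hypothetical equivalent of: RewriteUsername s/^([^@]+).*/$1/"""
    return re.sub(r"^([^@]+).*", r"\1", username)


# Constructed sample challenges (not taken from a real exchange).
AUTH_CHALLENGE = bytes(range(16))
PEER_CHALLENGE = bytes(range(16, 32))


def compare(typed_name: str):
    """Return (client_challenge, server_challenge, match).

    client_challenge: what the peer hashes, using the name as typed.
    server_challenge: what a verifier derives if it only sees the
    rewritten name. The NT-Response is computed over this value, so a
    mismatch here means the response cannot verify even when the
    password is correct.
    """
    client = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, typed_name)
    server = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, strip_realm(typed_name))
    return client, server, client == server


if __name__ == "__main__":
    for name in ("hcover", "hcover@krb.com"):
        client, server, match = compare(name)
        print(f"{name!r}: client={client.hex()} server={server.hex()} match={match}")
```

For PAP the same rewrite is harmless, because the password is checked directly and the username is not an input to any hash the client sent.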