(RADIATOR) PEAP/MSCHAP-V2 and realms
Hugh Irvine
hugh at open.com.au
Wed Oct 5 03:24:30 CDT 2005
Salut Stephane -
Could you please send us a copy of the trace 4 debug showing what is
happening?
regards
Hugh
On 5 Oct 2005, at 11:08, DELORT Stephane wrote:
> Hello all,
>
> My company has different agencies in different countries. Each
> agency has its own Active Directory with its own domain.
> So, we've got fr.murex.com for France and us.murex.com for the US.
>
> I would like to authenticate the users in their realms.
>
> In order to do this I did:
>
> **********************************************
>
> ...
>
> # Tried with and without
> RewriteUsername s/^(.*)\\(.*)/$2\@$1/
>
>
> # FR corporate users
>
> <Handler TunnelledByPEAP=1, realm=FR-MX-COM>
> AuthByPolicy ContinueWhileAccept
> AuthBy CheckMacAddress
> AuthBy CheckCorporateUsersFR
> </Handler>
>
> <AuthBy LSA>
> Identifier CheckCorporateUsersFR
>
> Group wifi
> DomainController frdomaincontroller
> EAPType MSCHAP-V2
> </AuthBy>
>
>
> # US corporate users
>
> <Handler TunnelledByPEAP=1, realm=US-MX-COM >
> AuthByPolicy ContinueWhileAccept
> AuthBy CheckMacAddress
> AuthBy CheckCorporateUsersUS
> </Handler>
>
> <AuthBy LSA>
> Identifier CheckCorporateUsersUS
> DomainController usdomaincontroller
> EAPType MSCHAP-V2
> AddToReply TRPZ-VLAN-Name = mx_corpo
> </AuthBy>
>
>
>
> <Handler Called-Station-Id=/MX_WIFI/ >
> MaxSessions 1
> <AuthBy FILE>
> EAPAnonymous %0
>
> EAPType PEAP
> EAPTLS_CAFile %D/certificates/certifs_murex/mycert.crt
>
> EAPTLS_CertificateFile %D/certificates/certifs_murex/mycert.crt
> EAPTLS_CertificateType PEM
>
> EAPTLS_PrivateKeyFile %D/certificates/certifs_murex/mycert.key
> EAPTLS_PrivateKeyPassword murex
>
> EAPTLS_MaxFragmentSize 1000
> AutoMPPEKeys
> SSLeayTrace 4
> EAPTLS_SessionResumptionLimit 120
> EAPTLS_PEAPVersion 0
>
> </AuthBy>
> </Handler>
>
>
> *************************************************
>
> Still, this does not work.
> Is there a means to accomplish what I want without having to
> authenticate the users against the central domain controller?
>
> If I use the central domain controller (the 'father' of US-MX-COM
> and FR-MX-COM), what happens when two users have the same login and
> password?
>
>
> Best regards,
> Stéphane
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.