(RADIATOR) Username in EAP requests

Peter Bates Peter.Bates at lshtm.ac.uk
Tue Oct 24 10:20:05 CDT 2006


Hello all...

I suspect I'm logging the wrong username with our current
PEAP setup, as I'm occasionally seeing 'anonymous at myabc.com'
which is distinctly not a user in our backend directory (eDirectory).

'AuthBy TestUP' is the identifier for an AuthBy LDAP2 group 
which authenticates against eDirectory using LDAP.

<Handler TunnelledByPEAP=1>
AuthBy TestUP
RejectHasReason
</Handler>

<Handler Client-Identifier=xxx>
 <AuthBy FILE>
    Filename %D/users.anonymous
    EAPType ... etc. .etc.
</AuthBy>
AuthLog authlog
RejectHasReason
</Handler>

'authlog' is an identifier for an AuthLog FILE group:

<AuthLog FILE>
Identifier authlog
Filename %L/auth
LogSuccess 1
LogFailure 1
SuccessFormat %l client=%C clientip=%c nasip=%N \
user=%n pass=(password) result=OK
FailureFormat %l client=%C clientip=%c nasip=%N \
user=%n pass=(password) result=FAIL
</AuthLog>

I guess I should have the logging in the inner (TunnelledByPEAP)
request
but be logging something other than %n for the username?

Thanks.


-- 

--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838 

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list