(RADIATOR) Username in EAP requests

Hugh Irvine hugh at open.com.au
Tue Oct 24 18:54:45 CDT 2006


Hello Peter -

Yes, you should have your authentication logging in the "inner"
Handler, and you should add "EAPAnonymous %0" in the "outer" Handler.


I.e.

<Handler TunnelledByPEAP=1>
	AuthBy TestUP
	RejectHasReason
	AuthLog authlog
</Handler>

<Handler Client-Identifier=xxx>
	<AuthBy FILE>
		Filename %D/users.anonymous
		EAPType ... etc. .etc.
		EAPAnonymous %0
	</AuthBy>
	RejectHasReason
</Handler>


See section 5.18.24 in the Radiator 3.15 reference manual
("doc/ref.html").

regards

Hugh


On 25 Oct 2006, at 01:20, Peter Bates wrote:

>
> Hello all...
>
> I suspect I'm logging the wrong username with our current
> PEAP setup, as I'm occasionally seeing 'anonymous at myabc.com'
> which is distinctly not a user in our backend directory (eDirectory).
>
> 'AuthBy TestUP' is the identifier for an AuthBy LDAP2 group
> which authenticates against eDirectory using LDAP.
>
> <Handler TunnelledByPEAP=1>
> AuthBy TestUP
> RejectHasReason
> </Handler>
>
> <Handler Client-Identifier=xxx>
>  <AuthBy FILE>
>     Filename %D/users.anonymous
>     EAPType ... etc. .etc.
> </AuthBy>
> AuthLog authlog
> RejectHasReason
> </Handler>
>
> 'authlog' is an identifier for an AuthLog FILE group:
>
> <AuthLog FILE>
> Identifier authlog
> Filename %L/auth
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l client=%C clientip=%c nasip=%N \
> user=%n pass=(password) result=OK
> FailureFormat %l client=%C clientip=%c nasip=%N \
> user=%n pass=(password) result=FAIL
> </AuthLog>
>
> I guess I should have the logging in the inner (TunnelledByPEAP) request
> but be logging something other than %n for the username?
>
> Thanks.
>
>
> -- 
>
> Peter Bates, Systems Support Officer, IT Services.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
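
A check one could run over the auth log to see whether outer PEAP identities are being logged, as in the question quoted above. This is an added example, not part of the thread or of Radiator. It assumes the line layout of the quoted SuccessFormat/FailureFormat, a free-text timestamp for %l, and outer identities whose local part is "anonymous" or empty; the sample lines are constructed.

```python
import re
from collections import Counter

# Layout taken from the SuccessFormat/FailureFormat quoted in the thread:
#   %l client=%C clientip=%c nasip=%N user=%n pass=... result=OK|FAIL
# Assumption: %l expands to a free-text timestamp with no "client=" in it.
LINE_RE = re.compile(
    r"^(?P<when>.*?)\s*client=(?P<client>\S*) clientip=(?P<clientip>\S*) "
    r"nasip=(?P<nasip>\S*) user=(?P<user>.*?) pass=\S* "
    r"result=(?P<result>OK|FAIL)\s*$"
)
# Assumption: an outer identity has one of these local parts (or none at all).
OUTER_LOCAL_PARTS = {"anonymous", ""}

def parse_line(line):
    """Return the fields of one auth log line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def is_outer_identity(user):
    """True when the logged name looks like an anonymous outer identity."""
    return user.split("@", 1)[0].strip().lower() in OUTER_LOCAL_PARTS

def audit(lines):
    """Return (flagged records, flagged count per NAS IP, unparsed lines)."""
    flagged, per_nas, unparsed = [], Counter(), []
    for line in lines:
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(line)  # keep visible rather than dropping silently
        elif is_outer_identity(rec["user"]):
            flagged.append(rec)
            per_nas[rec["nasip"]] += 1
    return flagged, per_nas, unparsed

# Constructed sample lines (not real log data); the last one is truncated.
SAMPLE_LOG = """\
Tue Oct 24 18:54:45 2006 client=wlc1 clientip=192.0.2.10 nasip=192.0.2.10 user=anonymous@example.org pass=(password) result=OK
Tue Oct 24 18:55:02 2006 client=wlc1 clientip=192.0.2.10 nasip=192.0.2.10 user=jsmith pass=(password) result=OK
Tue Oct 24 18:56:30 2006 client=wlc2 clientip=192.0.2.11 nasip=192.0.2.11 user=@example.org pass=(password) result=FAIL
Tue Oct 24 18:57:11 2006 client=wlc2 clientip=192.0.2.11 nasip=192.0.2.11 user=Anonymous pass=(password) result=OK
Tue Oct 24 18:58:00 2006 client=wlc2 clientip=192.0.2.11 nasip=
"""

if __name__ == "__main__":
    flagged, per_nas, unparsed = audit(SAMPLE_LOG.splitlines())
    for r in flagged:
        print(f"outer identity logged: {r['user']!r} via {r['nasip']} ({r['result']})")
    print(dict(per_nas), f"unparsed={len(unparsed)}")
```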

