(RADIATOR) Username in EAP requests
Hugh Irvine
hugh at open.com.au
Tue Oct 24 18:54:45 CDT 2006
Hello Peter -
Yes you should have your authentication logging in the "inner"
Handler, and you should add "EAPAnonymous %0" in the "outer" Handler.
I.e.
<Handler TunnelledByPEAP=1>
    AuthBy TestUP
    RejectHasReason
    AuthLog authlog
</Handler>
<Handler Client-Identifier=xxx>
    <AuthBy FILE>
        Filename %D/users.anonymous
        EAPType ... etc. .etc.
        EAPAnonymous %0
    </AuthBy>
    RejectHasReason
</Handler>
See section 5.18.24 in the Radiator 3.15 reference manual ("doc/ref.html").
regards
Hugh
On 25 Oct 2006, at 01:20, Peter Bates wrote:
>
> Hello all...
>
> I suspect I'm logging the wrong username with our current
> PEAP setup, as I'm occasionally seeing 'anonymous at myabc.com'
> which is distinctly not a user in our backend directory (eDirectory).
>
> 'AuthBy TestUP' is the identifier for an AuthBy LDAP2 group
> which authenticates against eDirectory using LDAP.
>
> <Handler TunnelledByPEAP=1>
>     AuthBy TestUP
>     RejectHasReason
> </Handler>
>
> <Handler Client-Identifier=xxx>
>     <AuthBy FILE>
>         Filename %D/users.anonymous
>         EAPType ... etc. .etc.
>     </AuthBy>
>     AuthLog authlog
>     RejectHasReason
> </Handler>
>
> 'authlog' is an identifier for an AuthLog FILE group:
>
> <AuthLog FILE>
>     Identifier authlog
>     Filename %L/auth
>     LogSuccess 1
>     LogFailure 1
>     SuccessFormat %l client=%C clientip=%c nasip=%N \
>         user=%n pass=(password) result=OK
>     FailureFormat %l client=%C clientip=%c nasip=%N \
>         user=%n pass=(password) result=FAIL
> </AuthLog>
>
> I guess I should have the logging in the inner (TunnelledByPEAP) request
> but be logging something other than %n for the username?
>
> Thanks.
>
>
> --
>
> Peter Bates, Systems Support Officer, IT Services.
> London School of Hygiene & Tropical Medicine.
> Telephone:0207-958 8353 / Fax: 0207- 636 9838
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
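Added example (not part of the original thread and not Radiator's own code): a small Python audit of a log written with the SuccessFormat/FailureFormat quoted above, reporting entries whose user= value is an outer EAP identity such as 'anonymous', which is the symptom described in the question. The sample lines, the timestamp layout assumed for %l, and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Tail of the SuccessFormat/FailureFormat quoted in the thread. Whatever %l
# expands to is taken as free text before "client=" (assumption).
LINE_RE = re.compile(
    r"^(?P<when>.*?)\s*client=(?P<client>\S*) clientip=(?P<clientip>\S*) "
    r"nasip=(?P<nasip>\S*) user=(?P<user>.*) pass=\(password\) "
    r"result=(?P<result>OK|FAIL)\s*$"
)

# Constructed sample log lines (not taken from the thread).
SAMPLE = """\
Tue Oct 24 18:54:45 2006 client=wlc1 clientip=192.0.2.10 nasip=192.0.2.10 user=anonymous@example.org pass=(password) result=OK
Tue Oct 24 18:55:02 2006 client=wlc1 clientip=192.0.2.10 nasip=192.0.2.10 user=alice pass=(password) result=OK
Tue Oct 24 18:55:40 2006 client=wlc2 clientip=192.0.2.11 nasip=192.0.2.11 user=@example.org pass=(password) result=FAIL
this line is not in the expected format
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None

def is_outer_identity(user, outer_locals=("anonymous", "")):
    """True if the part before '@' is a known outer identity.
    The empty string covers realm-only identities such as '@example.org'."""
    return user.split("@", 1)[0].strip().lower() in outer_locals

def audit(lines, outer_locals=("anonymous", "")):
    """Count parsed entries, outer identities per (client, user, result), bad lines."""
    flagged, unparsed, total = Counter(), [], 0
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed.append(lineno)  # keep the line number for manual review
            continue
        total += 1
        if is_outer_identity(rec["user"], outer_locals):
            flagged[(rec["client"], rec["user"], rec["result"])] += 1
    return {"total": total, "flagged": flagged, "unparsed": unparsed}

if __name__ == "__main__":
    report = audit(SAMPLE.splitlines())
    print(f"{sum(report['flagged'].values())} of {report['total']} entries carry an outer identity")
    for (client, user, result), n in sorted(report["flagged"].items()):
        print(f"  client={client} user={user!r} result={result} count={n}")
    print("unparsed lines:", report["unparsed"])
```

Any flagged entries mean the AuthLog is still attached to a Handler that sees the outer identity; after moving it to the inner Handler as described in the reply, the flagged count for new log lines should drop to zero.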