(RADIATOR) Username in EAP requests

Peter Bates Peter.Bates at lshtm.ac.uk
Wed Oct 25 08:16:13 CDT 2006


Hello all...
-- 

--------------------------------------------------------------------------------------------------->
Peter Bates, Systems Support Officer, IT Services.
London School of Hygiene & Tropical Medicine.
Telephone:0207-958 8353 / Fax: 0207- 636 9838 

>>> On 25/10/06 at 00:54, Hugh Irvine <hugh at open.com.au> wrote:

> Hello Peter -
> 
> Yes you should have your authentication logging in the "inner"
> Handler, and you should add "EAPAnonymous %0" in the "outer" Handler.
<snip>

Trying this (admittedly on Radiator 3.14), I get no joy, and I suspect
I've overcomplicated my configuration, mixing together different
samples from the 'goodies'.
Although I was using Identifiers, I've expanded them out below:

# Inner request
<Handler TunnelledByPEAP=1>
        <AuthBy LDAP2>
                Identifier ldap1
                Host ldap1.lshtm.ac.uk
                AuthDN xyz
                AuthPassword xyz
                BaseDN o=lshtm
                UsernameAttr cn
                SSLVerify none
                UseTLS
                SSLCAFile /etc/radiator/SelfSignedCert.pem
                NoDefault
                RejectEmptyPassword
                HoldServerConnection
                GetNovellUP
                Debug 255
                Version 3
                EAPType PEAP,TTLS,TLS,MD5,MSCHAP-V2,LEAP
                EAPTLS_CAFile %D/certificates/x.crt
                EAPTLS_CertificateFile %D/certificates/y.crt
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/y.key
                EAPTLS_MaxFragmentSize 1000
                AutoMPPEKeys
                SSLeayTrace 4
                EAPTLS_PEAPVersion 0
        </AuthBy>
        AuthLog authlog
        RejectHasReason
</Handler>

# Outer request
<Handler Client-Identifier=xxx>
        <AuthBy FILE>
                # just contains one "anonymous" user
                Filename %D/users.anonymous
                EAPType PEAP,TTLS,TLS,MD5,MSCHAP-V2,LEAP
                EAPTLS_CAFile %D/certificates/x.crt
                EAPTLS_CertificateFile %D/certificates/y.crt
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/y.key
                EAPTLS_MaxFragmentSize 1000
                AutoMPPEKeys
                SSLeayTrace 4
                EAPTLS_PEAPVersion 0
                EAPAnonymous %0
        </AuthBy>
        RejectHasReason
</Handler>

I guess the fact I'm repeating all the EAP* stuff isn't correct,
but if I use the above, adding the 'EAPAnonymous %0' then
authentication never completes.


