(RADIATOR) EAPTLS_NoCheckId and AuthBy FILE check
Hugh Irvine
hugh at open.com.au
Mon Feb 25 17:52:23 CST 2008
Hello Markus -
Could you please send us a trace 4 debug showing what is happening?
regards
Hugh
On 26 Feb 2008, at 09:30, Markus Moeller wrote:
> I have a setup for EAPTLS authentication as follows
>
> <AuthBy FILE>
> Identifier EapTLSTest
> Filename %D/ADUsers
>
> EAPType TLS
> EAPTLS_CAFile /etc/ssl/certs/allcerts.pem
> EAPTLS_CAPath /etc/ssl/certs
> EAPTLS_CertificateFile %D/servercert.pem
> EAPTLS_CertificateType PEM
> EAPTLS_PrivateKeyFile %D/serverkey.pem
> EAPTLS_PrivateKeyPassword password
> EAPTLS_MaxFragmentSize 1000
> #EAPTLS_CRLCheck
> #EAPTLS_CRLFile %D/certificates/crl.pem
> #EAPTLS_CRLFile %D/certificates/revocations.pem
> #EAPTLSRewriteCertificateCommonName s/testUsemikem/
> EAPTLS_NoCheckId
> AutoMPPEKeys
> </AuthBy>
> #
> <Handler Device-Class=WlanTest>
> # Mark request as Radius request if not already set by TACACS+
> AddToRequestIfNotExist Request-Protocol=EapTLS
> AuthByPolicy ContinueUntilReject
> AuthBy EapTLSTest
> AuthLog LogEapTLSAuthentication
> AuthLog SysLogEapTLSAuthentication
> AcctLogFileName %L/detail-%d-%v-%Y.log
> </Handler>
>
>
> with ADUser
>
> DEFAULT User-LockedOut=No
>
>
> When I receive an EAPTLS request I don't see any check against the
> ADUser entries. But when I disable EAPTLS_NoCheckId (e.g. comment it
> with #) it seems to check against ADUser. Is this the correct
> behaviour?
>
> Why does EAPTLS_NoCheckId the use of ADUser ?
>
> Thank you
> Markus
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page