[RADIATOR] User FQN rewrite for PEAP problem

Kam Ng kng at mtroyal.ca
Fri Jan 29 17:09:40 CST 2010


Hi There,

I run into a problem on the combination of domain name and PEAP
authentication.

Here're my situation:

1. I am using Radiator as a RADIUS proxy only.   [ External AP ] --->
[ External RADIUS] ---Internet-->[RADIATOR -RADIUS PROXY] --> [Internal
RADIUS]
2. Our internal RADIUS server only recognizes domain xxx.yyy.com due to a
design restriction. Yes you are reading it correctly there's a dot between
xxx and yyy.
3. But the public domain name is actually yyy.com.
4. We want to allow external user to authenticated as joe_user at yyy.com
instead of joe_user at xxx.yyy.com

So what I have tried so far is to use RewriteUsername s/^([^@]+).*/$1
\@yyy.com/ before and outside all the "Authby RADIUS" clause. The log shows
that the user name was actually changed to joe_user at xxx.yyy.com. But the
EAP-message still has the joe_user at yyy.com attached. And the authentication
fails.

It will work if I use joe_user at xxx.yyy.com.

Any help will be appreciated. Thanks in advance.

Kam




------------------------------------------------------------------------------------------------------------------------

This communication is intended for the use of the recipient to which it is
addressed, and may
contain confidential, personal, and or privileged information. Please
contact the sender
immediately if you are not the intended recipient of this communication,
and do not copy,
distribute, or take action relying on it. Any communication received in
error, or subsequent
reply, should be deleted or destroyed.



More information about the radiator mailing list