[RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA

Johnson, Neil M neil-johnson at uiowa.edu
Wed Nov 17 11:16:19 CST 2010


I changed the following code in AuthByLSA.pm:

    # If this is obviously a host name, strip the host part
    # so we can check group membership
    if ($username =~ /^host\/([^\.]+)/)
    {
        $username = "$1\$";
    }

    # Line Added
    $username =~ s/@[^@]*$// if $self->{UsernameMatchesWithoutRealm};

--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu 


> -----Original Message-----
> From: Johnson, Neil M
> Sent: Wednesday, November 17, 2010 11:04 AM
> To: Johnson, Neil M; radiator at open.com.au
> Subject: RE: Add UsernameMatchesWithoutRealm to Auth by LSA
> 
> Hmmm, it appears to be in the source code, but doesn't seem to work.
> Something to do with group checking?
> 
> -Neil
> 
> 
> Wed Nov 17 10:55:20 2010: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Wed Nov 17 10:55:20 2010: DEBUG:  Deleting session for
> radtest at uiowa.edu, 128.255.11.74, 18433
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> radtest [radtest at uiowa.edu]
> Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-IOWA, radtest at uiowa.edu
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: radtest [radtest at uiowa.edu]
> Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> V2 failed: no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> radtest [radtest at uiowa.edu]
> Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-QUARANTINE, radtest at uiowa.edu
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: radtest [radtest at uiowa.edu]
> Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> V2 failed: no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthFILE:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Reading users file c:\Program
> Files\Radiator/eduroam_test_users
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthFILE looks for match with
> radtest at uiowa.edu [radtest at uiowa.edu]
> Wed Nov 17 10:55:21 2010: DEBUG: Radius::AuthFILE REJECT: No such user:
> radtest at uiowa.edu [radtest at uiowa.edu]
> Wed Nov 17 10:55:21 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user radtest at uiowa.edu
> Wed Nov 17 10:55:21 2010: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP
> V2 failed: no such user radtest at uiowa.edu
> Wed Nov 17 10:55:21 2010: INFO: Access rejected for radtest at uiowa.edu:
> EAP MSCHAP V2 failed: no such user radtest at uiowa.edu
> Wed Nov 17 10:55:21 2010: DEBUG: PostProcessing Hook: called.
> Wed Nov 17 10:55:21 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code:       Access-Reject
> 
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> 319 384-0938
> neil-johnson at uiowa.edu
> 
> 
> > -----Original Message-----
> > From: radiator-bounces at open.com.au [mailto:radiator-
> > bounces at open.com.au] On Behalf Of Johnson, Neil M
> > Sent: Wednesday, November 17, 2010 10:39 AM
> > To: radiator at open.com.au
> > Subject: [RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA
> >
> >
> > Would it be possible to add the "UsernameMatchesWithoutRealm" to the
> > "AuthBy LSA" method?
> >
> > -Neil
> >
> >
> > --
> > Neil Johnson
> > Network Engineer
> > Information Technology Services
> > The University of Iowa
> > 319 384-0938
> > neil-johnson at uiowa.edu
> >
> >
> > _______________________________________________
> > radiator mailing list
> > radiator at open.com.au
> > http://www.open.com.au/mailman/listinfo/radiator
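
The two substitutions quoted at the top of this thread, run over a handful of identities so their combined effect on the name used for the group check is visible. This is an added example, not code from the original messages or from Radiator; the helper name `normalize_for_group_check`, its `$strip_realm` argument (standing in for `$self->{UsernameMatchesWithoutRealm}`) and all sample names are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not Radiator code: the two substitutions from the message,
# wrapped in a hypothetical helper so their effect can be seen in isolation.
use strict;
use warnings;

# normalize_for_group_check() is a hypothetical name; $strip_realm stands in
# for $self->{UsernameMatchesWithoutRealm}.
sub normalize_for_group_check {
    my ($username, $strip_realm) = @_;

    # Host principal: keep everything after "host/" up to the first dot and
    # append '$' to form the machine account name (first substitution quoted
    # in the message).
    if ($username =~ /^host\/([^\.]+)/) {
        $username = "$1\$";
    }

    # Line added in the message: drop the last '@realm' component.
    $username =~ s/@[^@]*$// if $strip_realm;

    return $username;
}

# Constructed sample identities, not taken from any log.
my @samples = (
    'radtest@uiowa.edu',     # user with realm
    'radtest',               # user without realm
    'host/pc1.uiowa.edu',    # machine, dotted host name, no realm
    'host/pc1@uiowa.edu',    # machine, '@' appears before the first dot
    'a@b@uiowa.edu',         # more than one '@' in the name
);

# Print each identity as it would reach the group check with the option
# off and on.
for my $name (@samples) {
    printf "%-20s  off: %-18s  on: %s\n", $name,
        normalize_for_group_check($name, 0),
        normalize_for_group_check($name, 1);
}
```

The fourth sample is the one to check against a real deployment: the host capture runs to the first dot, so an `@realm` can end up inside the machine name, and the realm strip then removes the trailing `$` along with it.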

