[RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA

Johnson, Neil M neil-johnson at uiowa.edu
Wed Nov 17 12:02:13 CST 2010


Yes, but the user being check is "radtest at uiowa.edu"

Since it's AD I only want to check membership for "radtest".

The change I made to the source seems to fix the problem.

-Neil


-- 
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
neil-johnson at uiowa.edu 


> -----Original Message-----
> From: Sami Keski-Kasari [mailto:samikk at archred.com]
> Sent: Wednesday, November 17, 2010 11:21 AM
> To: Johnson, Neil M; Johnson, Neil M; radiator at open.com.au
> Subject: Re: [RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA
> 
> Hi Neil,
> 
> As you can see, it is actually working, but it says:
> User is not a member of any Group: radtest [radtest at uiowa.edu]
> 
> So I think that problem is with your group checking.
> 
> --
> Sami
> 
> 
> 
> "Johnson, Neil M" <neil-johnson at uiowa.edu> wrote:
> 
> >Hmmm, it appears to be in the source code, but doesn't seem to work.
> >Something to do with group checking ?
> >
> >-Neil
> >
> >
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling request with Handler
> >'TunnelledByPEAP=1', Identifier ''
> >Wed Nov 17 10:55:20 2010: DEBUG:  Deleting session for
> >radtest at uiowa.edu, 128.255.11.74, 18433
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> >radtest [radtest at uiowa.edu]
> >Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> >\\IOWADC1, ITS-WIRELESS-IOWA, radtest at uiowa.edu
> >Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> >User is not a member of any Group: radtest [radtest at uiowa.edu]
> >Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> >no such user radtest
> >Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> >V2 failed: no such user radtest
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> >radtest [radtest at uiowa.edu]
> >Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> >\\IOWADC1, ITS-WIRELESS-QUARANTINE, radtest at uiowa.edu
> >Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> >User is not a member of any Group: radtest [radtest at uiowa.edu]
> >Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> >no such user radtest
> >Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> >V2 failed: no such user radtest
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthFILE:
> >Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> >Wed Nov 17 10:55:20 2010: DEBUG: Reading users file c:\Program
> >Files\Radiator/eduroam_test_users
> >Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthFILE looks for match with
> >radtest at uiowa.edu [radtest at uiowa.edu]
> >Wed Nov 17 10:55:21 2010: DEBUG: Radius::AuthFILE REJECT: No such
> user:
> >radtest at uiowa.edu [radtest at uiowa.edu]
> >Wed Nov 17 10:55:21 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> >no such user radtest at uiowa.edu
> >Wed Nov 17 10:55:21 2010: DEBUG: AuthBy FILE result: REJECT, EAP
> MSCHAP
> >V2 failed: no such user radtest at uiowa.edu
> >Wed Nov 17 10:55:21 2010: INFO: Access rejected for radtest at uiowa.edu:
> >EAP MSCHAP V2 failed: no such user radtest at uiowa.edu
> >Wed Nov 17 10:55:21 2010: DEBUG: PostProcessing Hook: called.
> >Wed Nov 17 10:55:21 2010: DEBUG: Returned PEAP tunnelled packet dump:
> >Code:       Access-Reject
> >
> >--
> >Neil Johnson
> >Network Engineer
> >Information Technology Services
> >The University of Iowa
> >319 384-0938
> >neil-johnson at uiowa.edu
> >
> >
> >> -----Original Message-----
> >> From: radiator-bounces at open.com.au [mailto:radiator-
> >> bounces at open.com.au] On Behalf Of Johnson, Neil M
> >> Sent: Wednesday, November 17, 2010 10:39 AM
> >> To: radiator at open.com.au
> >> Subject: [RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA
> >>
> >>
> >> Would it be possible to add the "UsernameMatchesWithoutRealm" to the
> >> "AuthBy LSA" method ?
> >>
> >> -Neil
> >>
> >>
> >> --
> >> Neil Johnson
> >> Network Engineer
> >> Information Technology Services
> >> The University of Iowa
> >> 319 384-0938
> >> neil-johnson at uiowa.edu
> >>
> >>
> >> _______________________________________________
> >> radiator mailing list
> >> radiator at open.com.au
> >> http://www.open.com.au/mailman/listinfo/radiator
> >_______________________________________________
> >radiator mailing list
> >radiator at open.com.au
> >http://www.open.com.au/mailman/listinfo/radiator
> 
> --
> Sami


More information about the radiator mailing list