[RADIATOR] changing from auth by file to auth by pam

Richard Dunne richard.dunne at dit.ie
Fri Aug 19 05:16:04 CDT 2011


I have added the RewriteUsername s/^([^@]+).*/$1/ which does remove the
linux.com realm . But still even withthis and  the correct password i get a
failure .

 

 

Fri Aug 19 11:35:56 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1, Realm=linux.com'

Fri Aug 19 11:35:56 2011: DEBUG: Rewrote user name to root

Fri Aug 19 11:35:56 2011: DEBUG:  Deleting session for root at linux.com,
172.30.3.251, 

Fri Aug 19 11:35:56 2011: DEBUG: Handling with PAM service passwd

Fri Aug 19 11:35:56 2011: DEBUG: PAM is asking for 1: 'Password'

Fri Aug 19 11:35:59 2011: DEBUG: AuthBy PAM result: REJECT, Authentication
failure: 

Fri Aug 19 11:35:59 2011: INFO: Access rejected for root: Authentication
failure: 

Fri Aug 19 11:35:59 2011: DEBUG: Returned PEAP tunnelled packet dump:

 

From: radiator-bounces at open.com.au [mailto:radiator-bounces at open.com.au] On
Behalf Of Richard Dunne
Sent: 19 August 2011 11:05
To: 'Heikki Vatiainen'
Cc: radiator at open.com.au
Subject: [RADIATOR] changing from auth by file to auth by pam

 

Hello all 

 

Im having a problem moving from Auth by FILE to PAM 

 

The handler is <Handler TunnelledByPEAP=1, Realm=linux.com>

        <AuthBy FILE>

                Filename %D/users

                #Service passwd

                UsernameMatchesWithoutRealm

                AddToReply Extreme-Netlogin-Vlan = cccc

                EAPType MSCHAP-V2

        </AuthBy>

</Handler>

 

Works perfect and  give the following, rewrites the username to pat. Which
is perfect 

 

Fri Aug 19 11:13:31 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1, Realm=linux.com'

Fri Aug 19 11:13:31 2011: DEBUG:  Deleting session for pat at linux.com,
172.30.3.251, 

Fri Aug 19 11:13:31 2011: DEBUG: Handling with Radius::AuthFILE: 

Fri Aug 19 11:13:31 2011: DEBUG: Handling with EAP: code 2, 233, 68, 26

Fri Aug 19 11:13:31 2011: DEBUG: Response type 26

Fri Aug 19 11:13:31 2011: DEBUG: Reading users file ./users

Fri Aug 19 11:13:31 2011: DEBUG: Radius::AuthFILE looks for match with pat
[pat at linux.com]

Fri Aug 19 11:13:31 2011: DEBUG: Radius::AuthFILE REJECT: No such user: pat
[pat at linux.com]

Fri Aug 19 11:13:31 2011: DEBUG: EAP result: 1, EAP MSCHAP V2 failed: no
such user pat

Fri Aug 19 11:13:31 2011: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP V2
failed: no such user pat

Fri Aug 19 11:13:31 2011: INFO: Access rejected for pat at linux.com: EAP
MSCHAP V2 failed: no such user pat

Fri Aug 19 11:13:31 2011: DEBUG: Returned PEAP tunnelled packet dump:

 

 

 

When I change it to auth by PAM

 

Handler becomes 

The handler is <Handler TunnelledByPEAP=1, Realm=linux.com>

        <AuthBy PAM>

                Service passwd

                UsernameMatchesWithoutRealm

                AddToReply Extreme-Netlogin-Vlan = cccccccccccccc

                EAPType MSCHAP-V2

        </AuthBy>

</Handler>

 

I get an error which is using the full username pat at linux.com. I need the
@linux.conm removed 

Fri Aug 19 11:25:21 2011: DEBUG: Handling request with Handler
'TunnelledByPEAP=1, Realm=linux.com'

Fri Aug 19 11:25:21 2011: DEBUG:  Deleting session for pat at linux.com,
172.30.3.251, 

Fri Aug 19 11:25:21 2011: DEBUG: Handling with PAM service login

Fri Aug 19 11:25:21 2011: DEBUG: PAM is asking for 1: 'Password'

Fri Aug 19 11:25:23 2011: DEBUG: AuthBy PAM result: REJECT, User not known
to the underlying authentication module: 

Fri Aug 19 11:25:23 2011: INFO: Access rejected for pat at linux.com: User not
known to the underlying authentication module: 

Fri Aug 19 11:25:23 2011: DEBUG: Returned PEAP tunnelled packet dump:

 

 

IM using the UsernameMatchesWithoutRealm and some regexp rewrite , but the
damn @linux won't go away .

 

 

 

Any ideas ?

 

Regards  Richard 

 

 

 


This message has been scanned for content and viruses by the DIT Information
Services E-Mail Scanning Service, and is believed to be clean.
http://www.dit.ie 


This message has been scanned for content and viruses by the DIT Information Services E-Mail Scanning Service, and is believed to be clean. http://www.dit.ie
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110819/30d9d76d/attachment.html 


More information about the radiator mailing list