[RADIATOR] Realms with AuthBy LDAP2 problem

Heikki Vatiainen hvn at open.com.au
Mon May 23 01:41:46 CDT 2011


On 05/22/2011 06:25 PM, romans at cc.technion.ac.il wrote:

> I’ve met a problem when I added a Realm to my username. Below is my debug log:

Try UsernameMatchesWithoutRealm instead of using RewriteUsername. Please
see below for more.

> Attributes:
>         User-Name = "alex at tx"
>         MS-CHAP-Challenge = <211><236><200><0>~<143><30><242>?<14><13><189><155><233><198><20>
>         MS-CHAP2-Response = <0><0>#<198>&<232><139><232>t?<247><5>b<232>\<145><14><140><0><0><0><0><0><0><0><0>Kk<128>e-j<130><233><163><158><138>1<175><228>`N8u<209>^<245><182>0<252>

You are using MS-CHAP-V2, so no plain text password is received by
Radiator. The challenges and responses are calculated with the username
as one component, so Radiator has to use the same username as the client
did when it checks the challenge.

> Sun May 22 18:08:09 2011: DEBUG: Rewrote user name to alex

The rewrite breaks things.

> And my radius.cfg:

> <Realm tx>
>         RewriteUsername s/^([^@]+).*/$1/

Remove the above.

>         <AuthBy LDAP2>
>                 NoDefault
>                 TranslatePasswordHook sub {return "{nthash}$_[0]";}

Add UsernameMatchesWithoutRealm here


Please let us know if the above helps.

Thanks!

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
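
The username dependency described in the reply above, shown as an added example (not part of the original post and not Radiator's code): the ChallengeHash step of MS-CHAP-V2 from RFC 2759, computed once with the name the client sent and once with the rewritten name. The challenge bytes are constructed sample values, `alex@tx` assumes the archive's "alex at tx" stands for that username, and `server_view` is a hypothetical helper.

```python
import hashlib
import re

# Constructed sample challenges (16 octets each), not taken from the log above.
PEER_CHALLENGE = bytes(range(16))
AUTH_CHALLENGE = bytes(range(16, 32))


def challenge_hash(peer: bytes, auth: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || username).

    This 8-octet value is what gets DES-encrypted under the NT hash to form
    the 24-octet NT-Response, so a different username means a different
    expected response even when the password is correct.
    """
    if len(peer) != 16 or len(auth) != 16:
        raise ValueError("both challenges must be 16 octets")
    return hashlib.sha1(peer + auth + username.encode("ascii")).digest()[:8]


def strip_realm(username: str) -> str:
    """Apply the same substitution as the quoted s/^([^@]+).*/$1/ rewrite."""
    return re.sub(r"^([^@]+).*", r"\1", username, count=1)


def server_view(user_name: str, rewrite_before_auth: bool):
    """Hypothetical helper: return (directory lookup name, ChallengeHash).

    rewrite_before_auth=True models rewriting User-Name before the MS-CHAP-V2
    check; False models stripping the realm for the lookup only.
    """
    lookup = strip_realm(user_name)
    hash_name = lookup if rewrite_before_auth else user_name
    return lookup, challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, hash_name)


if __name__ == "__main__":
    client = challenge_hash(PEER_CHALLENGE, AUTH_CHALLENGE, "alex@tx")
    for rewrite in (True, False):
        lookup, server = server_view("alex@tx", rewrite)
        verdict = "match" if server == client else "MISMATCH"
        print(f"rewrite={rewrite!s:5} lookup={lookup} "
              f"client={client.hex()} server={server.hex()} {verdict}")
```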

