[RADIATOR] Rewrite userna functionality for use in ldap_aps authby
Alex Sharaz
A.Sharaz at hull.ac.uk
Tue May 1 15:00:37 CDT 2012
Hi Heikki,
Yup worked a treat.
Now I wonder if I can get my personal Sharaz.info domain linked into eduroam :-))
Many thanks
Alex
-----------------
sip:924110981 at sip.callwithus.com
On 1 May 2012, at 19:38, "Heikki Vatiainen" <hvn at open.com.au> wrote:
> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
>
>> root at eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret xxxx -user alexsharaz at sharaz.info -password yyyy -auth_port 1812 -noacct -mschapv2
>>
>> although it works in that it does rewrite the username stripping off the realm and giving, in this case alexsharaz instead of alexsharaz.info, authentication fails further down the food chain
>> Which I guess is something o do with the mschapv2 and the realm in the original request
>
> I think what happens here is the client calculates MS-CHAP2-Response
> based on username with realm. Once the Handler strips the realm part,
> the respective calculation within AuthBy is done with just the username
> part. The results will not then match and the authentication fails.
>
> Can you add UsernameMatchesWithoutRealm into the AuthBy. This does the
> user information lookup without realm but does not change the username
> allowing MS-CHAP-V2 to succeed.
>
> Thanks!
> Heikki
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
-------------- next part --------------
**************************************************
To view the terms under which this email is
distributed, please go to
http://www2.hull.ac.uk/legal/disclaimer.aspx
**************************************************
More information about the radiator
mailing list