[RADIATOR] Rewrite userna functionality for use in ldap_aps authby

Alex Sharaz A.Sharaz at hull.ac.uk
Tue May 1 15:00:37 CDT 2012


Hi Heikki,
Yup worked a treat.

Now I wonder if I can get my personal Sharaz.info domain linked into eduroam  :-))
Many thanks
Alex

-----------------
sip:924110981 at sip.callwithus.com


On 1 May 2012, at 19:38, "Heikki Vatiainen" <hvn at open.com.au> wrote:

> On 04/30/2012 07:23 PM, Alex Sharaz wrote:
> 
>> root at eduroam-1-east:/var/log/radius# radpwtst -s 150.237.85.225 -secret xxxx  -user alexsharaz at sharaz.info -password yyyy -auth_port 1812 -noacct  -mschapv2
>> 
>> although it works in that it does rewrite the username stripping off the realm and giving, in this case alexsharaz instead of alexsharaz.info, authentication fails further down the food chain 
>> Which I guess is something to do with the mschapv2 and the realm in the original request.
> 
> I think what happens here is the client calculates MS-CHAP2-Response
> based on username with realm. Once the Handler strips the realm part,
> the respective calculation within AuthBy is done with just the username
> part. The results will not then match and the authentication fails.
> 
> Can you add UsernameMatchesWithoutRealm into the AuthBy? This does the
> user information lookup without realm but does not change the username
> allowing MS-CHAP-V2 to succeed.
> 
> Thanks!
> Heikki
> 
> -- 
> Heikki Vatiainen <hvn at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
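
The mismatch described in the reply above can be reproduced with the MS-CHAP-V2 ChallengeHash step from RFC 2759, which hashes the username together with the two challenges. This is an added example, not code from the thread or from Radiator; the challenges, the username `user@example.org` and the helper names are constructed for illustration, and the two server modes are only a model of rewriting the username versus looking it up without the realm.

```python
import hashlib


def challenge_hash(peer_challenge: bytes, auth_challenge: bytes, username: str) -> bytes:
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || authenticator || username).

    The NT-Response is then derived from these 8 octets and the password hash,
    so any change to the username changes the expected response.
    """
    if len(peer_challenge) != 16 or len(auth_challenge) != 16:
        raise ValueError("both challenges must be 16 octets")
    data = peer_challenge + auth_challenge + username.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def strip_realm(username: str) -> str:
    """Drop everything from the first '@' (hypothetical helper)."""
    return username.split("@", 1)[0]


def server_side(peer: bytes, auth: bytes, request_username: str, rewrite: bool):
    """Model of the server: returns (directory lookup key, challenge hash).

    rewrite=True  : the username is rewritten before authentication, so the
                    stripped name is used for both lookup and hashing.
    rewrite=False : the username is left intact and only the lookup ignores
                    the realm (the behaviour the reply attributes to
                    UsernameMatchesWithoutRealm).
    """
    lookup_key = strip_realm(request_username)
    hashed_name = lookup_key if rewrite else request_username
    return lookup_key, challenge_hash(peer, auth, hashed_name)


# Constructed sample values, not taken from a real exchange.
PEER = bytes(range(16))
AUTH = bytes(range(16, 32))
USER = "user@example.org"


def compare():
    """Return (matches_when_rewritten, matches_when_kept, lookup_key)."""
    client = challenge_hash(PEER, AUTH, USER)  # client hashes the full name
    key_a, rewritten = server_side(PEER, AUTH, USER, rewrite=True)
    key_b, kept = server_side(PEER, AUTH, USER, rewrite=False)
    assert key_a == key_b  # both modes search the directory for the same entry
    return client == rewritten, client == kept, key_a


if __name__ == "__main__":
    print(compare())
```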