[RADIATOR] Preventing Computer/Machine Authentication in AuthBy NTLM

Heikki Vatiainen hvn at open.com.au
Mon Apr 7 09:24:17 CDT 2014


On 04/02/2014 09:49 PM, Heikki Vatiainen wrote:

> PostAuthHook sub { my $rp = ${$_[1]};
> $rp->changeUserName($rp->{inner_identity}); }
> 
> PEAP and TTLS both export the inner EAP identity (or the TTLS inner
> username when EAP is not used). The inner identity is exported to the
> outer reply message and can be retrieved as above.

> Note: I noticed that if EAP, for example EAP-MSCHAP-V2, is used for
> inner TTLS, the export seems not to work currently. We'll need to check why.

This is now fixed in the latest patches for 4.12.1. The EAP identity or
User-Name from the TTLS tunnelled message is now available with
$rp->{inner_identity}.

Thanks,
Heikki


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
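
Following on from the thread's subject, an added sketch (not part of the original message and not Radiator's own code) of a PostAuthHook body that uses $rp->{inner_identity} to refuse machine accounts. Assumptions: the hook's third and fourth arguments are references to the result and the reject reason, machine identities look like "host/<fqdn>" or end in "$", and the result constants and sample identities below are constructed stand-ins so the script runs outside radiusd.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins for Radiator's result codes so the sketch runs outside radiusd
# (assumed values; inside Radiator use $main::ACCEPT and $main::REJECT).
our ($ACCEPT, $REJECT) = (0, 1);

# Assumption: Windows machine accounts appear as "host/<fqdn>" or as an
# account name ending in "$", optionally followed by "@realm".
sub is_machine_identity {
    my ($identity) = @_;
    return 0 unless defined $identity && length $identity;
    return 1 if $identity =~ m{^host/}i;
    return 1 if $identity =~ m{\$(?:\@[^\@]+)?\z};
    return 0;
}

# Same argument layout as the PostAuthHook quoted above: $_[1] is a reference
# to the reply; $_[2] and $_[3] are assumed to be references to the result
# and to the reject reason.
sub post_auth_hook {
    my $rp = ${ $_[1] };
    my ($result, $reason) = @_[2, 3];

    # inner_identity is absent until the tunnel has carried an identity,
    # so earlier EAP rounds are left untouched.
    return unless defined $rp->{inner_identity};

    if (is_machine_identity($rp->{inner_identity})) {
        $$result = $REJECT;
        $$reason = 'machine authentication not permitted';
    }
    return;
}

# Constructed sample identities, not taken from the thread.
for my $id ('alice', 'EXAMPLE\\alice', 'host/pc42.example.com',
            'EXAMPLE\\PC42$', undef) {
    my $reply = defined $id ? { inner_identity => $id } : {};
    my ($result, $reason) = ($ACCEPT, '');
    post_auth_hook(undef, \$reply, \$result, \$reason);
    printf "%-24s => %s\n", $id // '(no inner identity yet)',
        $result == $REJECT ? "REJECT ($reason)" : 'unchanged';
}
```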

