[RADIATOR] Preventing Computer/Machine Authentication in AuthBy NTLM
Michael Rodrigues
mrodrigues at education.ucsb.edu
Tue Apr 8 15:36:21 CDT 2014
I tried building 4.12.1 and it builds fine without the patches.
When untarring the patches tarball patches-4.12.1-20140407.tar.gz in the
Radiator directory and testing the build, test "1d" fails to pass. Am I
applying the patches correctly? I read that there was information on the
site where the patches are downloaded, but I don't have direct access to
it as a colleague maintains the account.
I'm using:
Digest::MD5 2.53
Digest::MD4 1.9
Digest::SHA 5.70
Net::SSLeay 1.42
perl 5.14.2
linux 3.5
Ubuntu 12.04
I also need to rewrite the outer identity before my AuthBy FILE sections
that check that the user is not on the blacklist. As configured, it will
check their anonymous ID against the blacklist, which does me no good.
Thanks,
Michael
On 4/7/2014 7:24 AM, Heikki Vatiainen wrote:
> On 04/02/2014 09:49 PM, Heikki Vatiainen wrote:
>
>> PostAuthHook sub { my $rp = ${$_[1]};
>> $rp->changeUserName($rp->{inner_identity}); }
>>
>> PEAP and TTLS both export the inner EAP identity (or TTLS inner username
>> when EAP is not used). The inner identity is exported to outer reply
>> message and can be retrieved as above.
>> Note: I noticed that if EAP, for example EAP-MSCHAP-V2, is used for
>> inner TTLS, the export seems not to work currently. We'll need to check why.
> This is now fixed in the latest patches for 4.12.1. The EAP identity or
> User-Name from TTLS tunnelled message is now available with
> $rp->{inner_identity}.
>
> Thanks,
> Heikki
>
>
--
Michael Rodrigues
Technical Support Services Manager
Gevirtz Graduate School of Education
Education Building 4203
(805) 893-8031
help at education.ucsb.edu
More information about the radiator
mailing list