[RADIATOR] lumc.nl question about AuthBy LSA

Heikki Vatiainen hvn at open.com.au
Tue Mar 4 02:28:28 CST 2014


On 03/03/2014 09:27 PM, R.D.Runia at lumc.nl wrote:

> This goes well without using the group item. That means that the
> communication with the Windows domain is OK. When I use the group item I
> cannot get a good authentication.
> 
> I am sure the user is a member of that specific group.

The username that is checked is anonymous at lumc.nl. This is the User-Name in
the inner request object that was created from PEAP tunneled
authentication information. In other words, you need to use the EAP
identity for the group check.

To do this, you could consider this:

EAPAnonymous %0

in the outer Handler's AuthBy.

Change the inner TunnelledBy* Handlers so that the Realm is not
considered when choosing the Handler.

The inner request should now have the real EAP Identity in the User-Name
and group check should work.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
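
The configuration change described in the reply above, as an added sketch that is not part of the original post and is not taken from the poster's configuration. The domain, group and file paths are placeholders, and the outer AuthBy FILE and its certificate settings are assumptions about a typical PEAP setup.

```conf
# Added example. Domain, group and file paths are placeholders.

# Inner (tunnelled) PEAP requests. The Handler matches on
# TunnelledByPEAP only, with no Realm check, so it is still selected
# once User-Name is the real EAP identity rather than anonymous@realm.
# It must appear before the catch-all Handler below.
<Handler TunnelledByPEAP=1>
    <AuthBy LSA>
        # Placeholder Windows domain and group for the membership check
        Domain EXAMPLEDOMAIN
        Group ExampleGroup
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

# Outer requests that carry the PEAP tunnel.
<Handler>
    <AuthBy FILE>
        # Assumed outer AuthBy; it only terminates the TLS tunnel.
        Filename %D/users
        EAPType PEAP
        EAPTLS_CAFile %D/certificates/ca.pem
        EAPTLS_CertificateFile %D/certificates/server.pem
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile %D/certificates/server.key

        # Put the inner EAP identity into the User-Name of the inner
        # request, so the group check in AuthBy LSA evaluates the real
        # user instead of "anonymous".
        EAPAnonymous %0
    </AuthBy>
</Handler>
```

With this in place, a debug trace of the inner request should show the real user in User-Name, which is the name the Group check is evaluated against.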

