[RADIATOR] RewriteUsername with EAP_26 PEAP not affecting %X EAP_Identity

Christian Kratzer ck-lists at cksoft.de
Wed Jul 17 12:54:09 UTC 2019

Hi Karri,

On Wed, 17 Jul 2019, Karri Huhtanen wrote:
> On Wed, 3 Jul 2019 at 13:24, Christian Kratzer <ck at cksoft.de> wrote:
> Hello,
>> I have a fun corner case again in latest Radiator-4.23-18
>> I have a setup doing TTLS EAP-MS-CHAPv2 and PEAP with EAP-MS-CHAPv2 with AuthSQL.
>> The current setup uses %X to pass a stripped EAP_Identity to the AuthSELECT
>>      SELECT password FROM table WHERE username=?
>>      AuthSelectParam %X
>> We also have another AuthBy which handles TTLS with non EAP MS-CHAPv2 where we use %w
>>      SELECT password FROM table WHERE username=?
>>      AuthSelectParam %w
>> This works fine but we also have some legacy users that we need to support that are prepending their windows domain to the username with DOMAIN\
>> As there is no matching Special in Utils.pm we tried doing this in the AuthBySQL with:
>>      RewriteUsername    s/^(.*)\\(.*)/$2/
> is there some particular reason why you are using %X instead of %0? %0
> would have the rewritten username in it. Got this tip from Heikki,
> who's currently on holiday.

Thanks for the tip. I did not realise %0 would be of any use in an EAP situation.

I will give it a test as soon as I get that coordinated with the setup in question.


Christian Kratzer                   CK Software GmbH
Email:   ck at cksoft.de               Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Geschaeftsfuehrer: Christian Kratzer
Web:     http://www.cksoft.de/

More information about the radiator mailing list