[RADIATOR] Simple Question Regarding Realm Handling
Ullfig, Roberto Alfredo
rullfig at uic.edu
Wed Feb 23 21:27:41 UTC 2022
Seeing some issues with the code:
Wed Feb 23 15:03:54 2022: DEBUG: Rewrote user name to user
...
Wed Feb 23 15:03:55 2022: DEBUG: Radius::AuthNTLM looks for match with user [user@uic.edu]
...
Wed Feb 23 15:03:55 2022: DEBUG: Radius::AuthNTLM REJECT: AuthBy NTLM Password check failed: user [user@uic.edu]
Wed Feb 23 15:03:55 2022: DEBUG: AuthBy NTLM result: REJECT, AuthBy NTLM Password check failed
To AD it looks like a wrong password was entered. Why do the NTLM lines have "user [user@uic.edu]" - why not just user?
---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
________________________________
From: Ullfig, Roberto Alfredo <rullfig at uic.edu>
Sent: Friday, January 7, 2022 2:19 PM
To: Heikki Vatiainen <hvn at open.com.au>; radiator at lists.open.com.au <radiator at lists.open.com.au>
Subject: Re: [RADIATOR] Simple Question Regarding Realm Handling
Thanks! Using "User-Name" simplifies things.
---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
________________________________
From: radiator <radiator-bounces at lists.open.com.au> on behalf of Heikki Vatiainen <hvn at open.com.au>
Sent: Friday, January 7, 2022 10:25 AM
To: radiator at lists.open.com.au <radiator at lists.open.com.au>
Subject: Re: [RADIATOR] Simple Question Regarding Realm Handling
On 7.1.2022 18.08, Ullfig, Roberto Alfredo wrote:
> Wait no that won't work. I assume Realm= is looking for everything after
> the @ symbol so how about this?
>
> <Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^\z|^uic\.edu\z/i>
Here's one more. Now it's clear that the whole User-Name is considered
and there's no reason to think realm as a separate thing:
# One or more non-@ characters followed by @uic.edu once or not at all
<Handler ConvertedFromEAPMSCHAPV2=1, User-Name=/^[^@]+(@uic\.edu)?\z/i>
> RewriteUsername s/^([^@]+).*/$1/
> <AuthBy SUSPEND>
> Dir /mnt/global/authinfo/campus_suspend
> </AuthBy>
> <AuthBy SUSPEND>
> Dir /mnt/global/authinfo/campus_delete
> </AuthBy>
> <AuthBy WIRELESS>
> Dir /mnt/global/authinfo/wireless
> </AuthBy>
> <AuthBy NTLM>
> DefaultDomain AD
> </AuthBy>
> <AuthLog SYSLOG>
> LogSuccess 1
> LogFailure 1
> Facility local0
> SuccessFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication OK
> FailureFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication FAILED
> </AuthLog>
> </Handler>
>
> <Handler ConvertedFromEAPMSCHAPV2=1>
> <AuthBy INTERNAL>
> DefaultResult REJECT
> </AuthBy>
> </Handler>
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
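
Added example (not part of the original thread and not Radiator code): a standalone Perl script that applies the Handler User-Name pattern and the RewriteUsername substitution from the messages above to constructed sample names, showing which would reach the AuthBy chain and which would fall through to the reject Handler. The route and rewrite_username helpers are hypothetical, and every request is assumed to carry ConvertedFromEAPMSCHAPV2=1.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern copied from the thread: Handler ... User-Name=/^[^@]+(@uic\.edu)?\z/i
my $handler_re = qr/^[^@]+(@uic\.edu)?\z/i;

# Mirrors the thread's "RewriteUsername s/^([^@]+).*/$1/" (hypothetical helper).
sub rewrite_username {
    my ($name) = @_;
    $name =~ s/^([^@]+).*/$1/;
    return $name;
}

# Hypothetical helper: picks which of the two Handlers in the thread a
# User-Name would select and, for the first one, the name left after rewrite.
sub route {
    my ($name) = @_;
    return ('reject handler', undef) unless $name =~ $handler_re;
    return ('auth chain', rewrite_username($name));
}

# Constructed sample User-Names, not taken from any real log.
my @samples = (
    'user',                        # no realm: accepted
    'user@uic.edu',                # expected realm: accepted
    'User@UIC.EDU',                # /i makes the match case-insensitive
    'user@example.org',            # other realm: falls through
    'user@uic.edu@example.org',    # \z stops anything after @uic.edu
    'user@uic.edu.example.org',    # suffix after the realm: falls through
    '@uic.edu',                    # empty user part: [^@]+ needs one character
    "user\@uic.edu\n",             # \z, unlike $, rejects a trailing newline
);

printf "%-28s %-16s %s\n", 'User-Name', 'selected', 'name after rewrite';
for my $name (@samples) {
    my ($target, $rewritten) = route($name);
    (my $shown = $name) =~ s/\n/\\n/g;    # make the newline visible
    printf "%-28s %-16s %s\n", $shown, $target, $rewritten // '-';
}
```

Only the first three samples select the first Handler, and each is rewritten to the bare user part before the AuthBy clauses see it.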