[RADIATOR] Simple Question Regarding Realm Handling
Heikki Vatiainen
hvn at open.com.au
Fri Jan 7 15:22:18 UTC 2022
On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:
> Why would we need to do any rejections in TunnelledByPEAP=1? We have
> this in there:
>
> <AuthBy FILE>
> EAPType MSCHAP-V2
> EAP_PEAP_MSCHAP_Convert 1
> </AuthBy>
>
> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle
> uic.edu and empty realms (with a very fancy regexp) and then one to
> handle the rejection of other domains.
Thanks for the clarification. You're correct, in your case you can the
tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the
realms your are interested and reject the rest.
To clarify my previous email for future refernce: When handling
tunnelled and converted requests, always have a catch-all Handler that
makes sure that even the unexpected cases are correctly handled.
Thanks!
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
More information about the radiator
mailing list