[RADIATOR] Simple Question Regarding Realm Handling

Ullfig, Roberto Alfredo rullfig at uic.edu
Fri Jan 7 15:42:11 UTC 2022


So this is the full version - but I'm not sure on what follows Realm - I need to remove the outer ()?:

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^([^@]*|\S*\@uic\.edu)\z/i>
...
        <AuthBy NTLM>
                UsernameMatchesWithoutRealm
                DefaultDomain AD
        </AuthBy>
...
</Handler>

<Handler ConvertedFromEAPMSCHAPV2=1>
         <AuthBy INTERNAL>
             DefaultResult REJECT
         </AuthBy>
</Handler>

---
Roberto Ullfig - rullfig at uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
________________________________
From: radiator <radiator-bounces at lists.open.com.au> on behalf of Heikki Vatiainen <hvn at open.com.au>
Sent: Friday, January 7, 2022 9:22 AM
To: radiator at lists.open.com.au <radiator at lists.open.com.au>
Subject: Re: [RADIATOR] Simple Question Regarding Realm Handling

On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:

> Why would we need to do any rejections in TunnelledByPEAP=1? We have
> this in there:
>
>          <AuthBy FILE>
>                  EAPType MSCHAP-V2
>                  EAP_PEAP_MSCHAP_Convert 1
>          </AuthBy>
>
> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle
> uic.edu and empty realms (with a very fancy regexp) and then one to
> handle the rejection of other domains.

Thanks for the clarification. You're correct, in your case you can convert the
tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the
realms you are interested in and reject the rest.

To clarify my previous email for future reference: When handling
tunnelled and converted requests, always have a catch-all Handler that
makes sure that even the unexpected cases are correctly handled.

Thanks!
Heikki

--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
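
Added example (not part of the original thread and not Radiator code): a Python check of which constructed User-Name values the first Handler's pattern accepts, so that everything else falls through to the catch-all reject. Perl's `\z` is written as Python's `\Z`, and because the page does not say whether the pattern is tested against the full User-Name or only the realm part, both are evaluated; `realm_of`, `classify` and the sample names are hypothetical.

```python
import re

# The page's Realm pattern, with Perl's \z written as Python's \Z (both mean
# "very end of string"); the rest of the pattern is unchanged.
PATTERN = re.compile(r"^([^@]*|\S*\@uic\.edu)\Z", re.IGNORECASE)


def realm_of(user_name):
    """Text after the last '@', or '' when the User-Name carries no realm."""
    return user_name.rpartition("@")[2] if "@" in user_name else ""


def first_handler_accepts(value):
    """True when the pattern matches, i.e. the first Handler would be chosen."""
    return PATTERN.search(value) is not None


def classify(user_names):
    """Per name: (match on full User-Name, match on realm part only)."""
    return {u: (first_handler_accepts(u), first_handler_accepts(realm_of(u)))
            for u in user_names}


# Constructed sample User-Name values, including edge cases a catch-all
# reject Handler is expected to receive.
SAMPLES = [
    "rullfig",                      # empty realm
    "rullfig@uic.edu",              # wanted realm
    "RULLFIG@UIC.EDU",              # case-insensitive match (/i)
    "someone@example.org",          # other domain
    "someone@uic.edu.example.org",  # wanted realm only as a prefix
    "a b@uic.edu",                  # whitespace in the user part
    "rullfig@uic.edu\n",            # trailing newline, stopped by \z
]

if __name__ == "__main__":
    for name, (full, realm) in classify(SAMPLES).items():
        print(f"{name!r:32} full User-Name: {full!s:5}  realm only: {realm}")
```

Under the realm-only interpretation the `[^@]*` alternative matches every sample, so none of them would reach the rejecting Handler; under the full User-Name interpretation only the empty realm and uic.edu names match.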