<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
So this is the full version - but I'm not sure on what follows Realm - I need to remove the outer ()?:</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^([^@]*|\S*\@uic\.edu)\z/i>
<div>...</div>
<div>        <AuthBy NTLM></div>
<div>                UsernameMatchesWithoutRealm</div>
<div>                DefaultDomain AD</div>
<div>        </AuthBy></div>
<div>...</div>
<div></Handler></div>
<div><br>
</div>
<div><Handler ConvertedFromEAPMSCHAPV2=1></div>
<div>         <AuthBy INTERNAL></div>
<div>             DefaultResult REJECT</div>
<div>         </Handler></div>
</Handler><br>
</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<br>
</div>
<div>
<div id="Signature">
<div>
<div></div>
<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">
<div style="font-family:Tahoma; font-size:13px">---
<div><span id="ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications & Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">
<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>
<div><span id="ms-rterangepaste-end"></span></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen <hvn@open.com.au><br>
<b>Sent:</b> Friday, January 7, 2022 9:22 AM<br>
<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>
<b>Subject:</b> Re: [RADIATOR] Simple Question Regarding Realm Handling</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:<br>
<br>
> Why would we need to do any rejections in TunnelledByPEAP=1? We have <br>
> this in there:<br>
> <br>
>          <AuthBy FILE><br>
>                  EAPType MSCHAP-V2<br>
>                  EAP_PEAP_MSCHAP_Convert 1<br>
>          </AuthBy><br>
> <br>
> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle <br>
> uic.edu and empty realms (with a very fancy regexp) and then one to <br>
> handle the rejection of other domains.<br>
<br>
Thanks for the clarification. You're correct, in your case you can the <br>
tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the <br>
realms your are interested and reject the rest.<br>
<br>
To clarify my previous email for future refernce: When handling <br>
tunnelled and converted requests, always have a catch-all Handler that <br>
makes sure that even the unexpected cases are correctly handled.<br>
<br>
Thanks!<br>
Heikki<br>
<br>
-- <br>
Heikki Vatiainen<br>
OSC, makers of Radiator<br>
Visit radiatorsoftware.com for Radiator AAA server software<br>
_______________________________________________<br>
radiator mailing list<br>
radiator@lists.open.com.au<br>
<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7C6c831cee43fe4d81a50008d9d1f19820%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771658427939688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yusa%2FXNWaLc%2BjfV5KSq5pTPxYQcmZ6LTO5VaFH4gr7o%3D&amp;reserved=0">https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7C6c831cee43fe4d81a50008d9d1f19820%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771658427939688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yusa%2FXNWaLc%2BjfV5KSq5pTPxYQcmZ6LTO5VaFH4gr7o%3D&amp;reserved=0</a></div>
</span></font></div>
</body>
</html>