
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

So this is the full version - but I'm not sure on what follows Realm - I need to remove the outer ()?:</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^([^@]*|\S*\@uic\.edu)\z/i>

<div>...</div>

<div>        <AuthBy NTLM></div>

<div>                UsernameMatchesWithoutRealm</div>

<div>                DefaultDomain AD</div>

<div>        </AuthBy></div>

<div>...</div>

<div></Handler></div>

<div><br>

</div>

<div><Handler ConvertedFromEAPMSCHAPV2=1></div>

<div>         <AuthBy INTERNAL></div>

<div>             DefaultResult REJECT</div>

<div>         </Handler></div>

</Handler><br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div>

<div id="Signature">

<div>

<div></div>

<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">

<div style="font-family:Tahoma; font-size:13px">---

<div><span id="ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications & Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>

<div><span id="ms-rterangepaste-end"></span></div>

</div>

</div>

</div>

</div>

</div>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen <hvn@open.com.au><br>

<b>Sent:</b> Friday, January 7, 2022 9:22 AM<br>

<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>

<b>Subject:</b> Re: [RADIATOR] Simple Question Regarding Realm Handling</font>

<div> </div>

</div>

<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">

<div class="PlainText">On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:<br>

<br>

> Why would we need to do any rejections in TunnelledByPEAP=1? We have <br>

> this in there:<br>

> <br>

>          <AuthBy FILE><br>

>                  EAPType MSCHAP-V2<br>

>                  EAP_PEAP_MSCHAP_Convert 1<br>

>          </AuthBy><br>

> <br>

> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle <br>

> uic.edu and empty realms (with a very fancy regexp) and then one to <br>

> handle the rejection of other domains.<br>

<br>

Thanks for the clarification. You're correct, in your case you can the <br>

tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the <br>

realms your are interested and reject the rest.<br>

<br>

To clarify my previous email for future refernce: When handling <br>

tunnelled and converted requests, always have a catch-all Handler that <br>

makes sure that even the unexpected cases are correctly handled.<br>

<br>

Thanks!<br>

Heikki<br>

<br>

-- <br>

Heikki Vatiainen<br>

OSC, makers of Radiator<br>

Visit radiatorsoftware.com for Radiator AAA server software<br>

_______________________________________________<br>

radiator mailing list<br>

radiator@lists.open.com.au<br>

<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7C6c831cee43fe4d81a50008d9d1f19820%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771658427939688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yusa%2FXNWaLc%2BjfV5KSq5pTPxYQcmZ6LTO5VaFH4gr7o%3D&amp;reserved=0">https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7C6c831cee43fe4d81a50008d9d1f19820%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771658427939688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yusa%2FXNWaLc%2BjfV5KSq5pTPxYQcmZ6LTO5VaFH4gr7o%3D&amp;reserved=0</a></div>

</span></font></div>

</body>

</html>