
<html>

<head>

<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">

<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>

</head>

<body dir="ltr">

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

Wait no that won't work. I assume Realm= is looking for everything after the @ symbol so how about this?</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^\z|^uic\.edu\z/i>

<div>        RewriteUsername s/^([^@]+).*/$1/</div>

<div>        <AuthBy SUSPEND></div>

<div>                Dir /mnt/global/authinfo/campus_suspend</div>

<div>        </AuthBy></div>

<div>        <AuthBy SUSPEND></div>

<div>                Dir /mnt/global/authinfo/campus_delete</div>

<div>        </AuthBy></div>

<div>        <AuthBy WIRELESS></div>

<div>                Dir /mnt/global/authinfo/wireless</div>

<div>        </AuthBy></div>

<div>        <AuthBy NTLM></div>

<div>                DefaultDomain AD</div>

<div>        </AuthBy></div>

<div>        <AuthLog SYSLOG></div>

<div>                LogSuccess 1</div>

<div>                LogFailure 1</div>

<div>                Facility local0</div>

<div>                SuccessFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication OK</div>

<div>                FailureFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication FAILED</div>

<div>        </AuthLog></div>

<div></Handler></div>

<div><br>

</div>

<div><Handler ConvertedFromEAPMSCHAPV2=1></div>

<div>         <AuthBy INTERNAL></div>

<div>             DefaultResult REJECT</div>

<div>         </Handler></div>

</Handler><br>

</div>

<div>

<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">

<br>

</div>

<div id="Signature">

<div>

<div></div>

<div id="divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">

<div style="font-family:Tahoma; font-size:13px">---

<div><span id="ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications & Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>

<div><span id="ms-rterangepaste-end"></span></div>

</div>

</div>

</div>

</div>

</div>

</div>

<div id="appendonsend"></div>

<hr style="display:inline-block;width:98%" tabindex="-1">

<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Ullfig, Roberto Alfredo <rullfig@uic.edu><br>

<b>Sent:</b> Friday, January 7, 2022 9:42 AM<br>

<b>To:</b> Heikki Vatiainen <hvn@open.com.au>; radiator@lists.open.com.au <radiator@lists.open.com.au><br>

<b>Subject:</b> Re: [RADIATOR] Simple Question Regarding Realm Handling</font>

<div> </div>

</div>

<style type="text/css" style="display:none">

<!--

p

        {margin-top:0;

        margin-bottom:0}

-->

</style>

<div dir="ltr">

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

So this is the full version - but I'm not sure on what follows Realm - I need to remove the outer ()?:</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^([^@]*|\S*\@uic\.edu)\z/i>

<div>...</div>

<div>        <AuthBy NTLM></div>

<div>                UsernameMatchesWithoutRealm</div>

<div>                DefaultDomain AD</div>

<div>        </AuthBy></div>

<div>...</div>

<div></Handler></div>

<div><br>

</div>

<div><Handler ConvertedFromEAPMSCHAPV2=1></div>

<div>         <AuthBy INTERNAL></div>

<div>             DefaultResult REJECT</div>

<div>         </Handler></div>

</Handler><br>

</div>

<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">

<br>

</div>

<div>

<div id="x_Signature">

<div>

<div></div>

<div id="x_divtagdefaultwrapper" style="font-size:12pt; color:#000000; background-color:#FFFFFF; font-family:Calibri,Arial,Helvetica,sans-serif">

<div style="font-family:Tahoma; font-size:13px">---

<div><span id="x_ms-rterangepaste-start"></span><span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Roberto Ullfig - rullfig@uic.edu</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Systems Administrator</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">Enterprise Applications & Services | Technology Solutions</span><br style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">

<span style="font-family:arial,helvetica,sans-serif; font-size:13px; line-height:16.003px">University of Illinois - Chicago</span>

<div><span id="x_ms-rterangepaste-end"></span></div>

</div>

</div>

</div>

</div>

</div>

</div>

<div id="x_appendonsend"></div>

<hr tabindex="-1" style="display:inline-block; width:98%">

<div id="x_divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" color="#000000" style="font-size:11pt"><b>From:</b> radiator <radiator-bounces@lists.open.com.au> on behalf of Heikki Vatiainen <hvn@open.com.au><br>

<b>Sent:</b> Friday, January 7, 2022 9:22 AM<br>

<b>To:</b> radiator@lists.open.com.au <radiator@lists.open.com.au><br>

<b>Subject:</b> Re: [RADIATOR] Simple Question Regarding Realm Handling</font>

<div> </div>

</div>

<div class="x_BodyFragment"><font size="2"><span style="font-size:11pt">

<div class="x_PlainText">On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:<br>

<br>

> Why would we need to do any rejections in TunnelledByPEAP=1? We have <br>

> this in there:<br>

> <br>

>          <AuthBy FILE><br>

>                  EAPType MSCHAP-V2<br>

>                  EAP_PEAP_MSCHAP_Convert 1<br>

>          </AuthBy><br>

> <br>

> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle <br>

> uic.edu and empty realms (with a very fancy regexp) and then one to <br>

> handle the rejection of other domains.<br>

<br>

Thanks for the clarification. You're correct, in your case you can the <br>

tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the <br>

realms your are interested and reject the rest.<br>

<br>

To clarify my previous email for future refernce: When handling <br>

tunnelled and converted requests, always have a catch-all Handler that <br>

makes sure that even the unexpected cases are correctly handled.<br>

<br>

Thanks!<br>

Heikki<br>

<br>

-- <br>

Heikki Vatiainen<br>

OSC, makers of Radiator<br>

Visit radiatorsoftware.com for Radiator AAA server software<br>

_______________________________________________<br>

radiator mailing list<br>

radiator@lists.open.com.au<br>

<a href="https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7Cf344047559ad48382d9e08d9d1f45373%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771669575400403%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=xjLP9oD9YHwVfHl6CVGNEXzdNPNZbr6cRgbp6I7lEEE%3D&reserved=0" originalsrc="https://lists.open.com.au/mailman/listinfo/radiator" shash="diqTcsmRvWKzKjCux0lyTANI3oJyi446Vexz0BPoJX6LxPJ0pDlC465F+rKNQ9yOMTgoACl+tHs/r9+8Wrir/IuXif2rwmo6CYjEIsd8pg73ANY3MIo5hqSH3jE7u6rvKHzqQzWyHyOFmRcrnwHxgoxegAMVrjIiI9nUIix/w4o=">https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&amp;data=04%7C01%7Crullfig%40uic.edu%7C6c831cee43fe4d81a50008d9d1f19820%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637771658427939688%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000&amp;sdata=yusa%2FXNWaLc%2BjfV5KSq5pTPxYQcmZ6LTO5VaFH4gr7o%3D&amp;reserved=0</a></div>

</span></font></div>

</div>

</body>

</html>