Hello Froilan -
On Wed, 26 Apr 2000, Froilan Mendoza wrote:
> Hello.
>
> I tried Hugh's solution on my query last March 23 (yes, I only had the
> chance to do this a month after) re: <0> symbol in the realm field.
>
> Well, there still seems to be problem. Here is the current setup:
>
> I-Manila is local ISP (i-manila.com.ph)
> I-Cebu is provincial ISP (i-cebu.com.ph)
>
> The idea is I-Manila users in Cebu should be able to connect using
> [EMAIL PROTECTED] in Cebu's trunks.
>
> The I-Manila setup is:
>
> <Client cebuserver.here.com>
> Secret xxxx
> RewriteUsername s/\0/@/ <-- remove that <0> from Merit Radius
> DupInterval 15
> IgnoreAcctSignature
> </Client>
>
>
> <Realm i-manila.com.ph>
> RewriteUsername s/^([^@]+).*/$1/ <-- get just the username
> RewriteUsername tr/0-9|a-z|\-|_//cd <-- remove any characters
> #other than [a-z], [0-9], dash and underscore
> <AuthBy EXTERNAL>
> Command /radius/radauth
> DecryptPassword
> </AuthBy>
> PasswordLogFileName %L/password.imanila.log
> </Realm>
>
>
>
> The logs however show:
>
> For local I-Manila user who uses [EMAIL PROTECTED], this example
> was able to authenticate properly:
>
> Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Wed Apr 26 11:04:54 2000: DEBUG: Handling request with Handler
> 'Realm=i-manila.com.ph'
> Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to daleones
> Wed Apr 26 11:04:54 2000: DEBUG: Rewrote user name to daleones
> Wed Apr 26 11:04:54 2000: DEBUG: Deleting session for
> [EMAIL PROTECTED], 203.167.0.34, 30
> Wed Apr 26 11:04:54 2000: DEBUG: Running command: /radius/radauth
> Wed Apr 26 11:04:55 2000: DEBUG: Access accepted for daleones
> Wed Apr 26 11:04:55 2000: DEBUG: Packet dump:
>
> For I-Manila users roaming in Cebu:
>
> Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to
> roytest^@i-manila.com.ph
> Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to
> [EMAIL PROTECTED]
> Wed Apr 26 15:02:14 2000: DEBUG: Handling request with Handler
> 'Realm=i-manila.com.ph'
> Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to roytest
> Wed Apr 26 15:02:14 2000: DEBUG: Rewrote user name to roytest
> Wed Apr 26 15:02:14 2000: DEBUG: Deleting session for
> roytest^@i-manila.com.ph, 208.164.193.180, 12
> Wed Apr 26 15:02:14 2000: DEBUG: Running command: /radius/radauth
> Wed Apr 26 15:02:14 2000: DEBUG: Access accepted for roytest
> Wed Apr 26 15:02:14 2000: DEBUG: Packet dump:
>
>
> Note the differenct between [EMAIL PROTECTED] after deleting session
> when successful, and username^@i-manila.com.ph if not successful
>
Both traces above show Access accepted. The line below refers to the session
database that is always updated with the original username as it arrives from
the NAS (or proxy).
> Wed Apr 26 15:02:14 2000: DEBUG: Deleting session for
> roytest^@i-manila.com.ph, 208.164.193.180, 12
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
