Hi Heikki,

Thanks for your comment. Although it did not work. I changed EAPAnonymous to %0. But now Username is "" and no handler can be found.

Fri Jul 29 13:32:06 2011: DEBUG: Handling request with Handler 'Realm=/utwente.test|utwente.test2/, Client-Identifier=/^WLANATUT-ID$|^LOCALHOST-ID$/', Identifier 'WLAN-OUTER-TEST'
Fri Jul 29 13:32:06 2011: DEBUG:  Handling with Radius::AuthFILE:
Fri Jul 29 13:32:06 2011: DEBUG: Handling with EAP: code 2, 9, 112, 25
Fri Jul 29 13:32:06 2011: DEBUG: Response type 25
Fri Jul 29 13:32:06 2011: DEBUG: EAP PEAP inner authentication request for
Fri Jul 29 13:32:06 2011: DEBUG: PEAP Tunnelled request Packet dump:
Code:       Access-Request
Identifier: UNDEF
Authentic:  <177>6<209>Wz<163><198><243><230>M<179><134><155><15><207><163>
Attributes:
        EAP-Message = <2><0><0><27><1>d3126217@utwente.test2
        Message-Authenticator = <0><0><0><0><0><0><0><0><0><0><0><0><0><0><0><0>
        NAS-IP-Address = 172.31.178.10
        NAS-Identifier = "wlc-1"
        NAS-Port = 13
        Calling-Station-Id = "00271026a434"
        User-Name = ""

Fri Jul 29 13:32:06 2011: DEBUG: EAP result: 1, No Handler for PEAP inner authentication
Fri Jul 29 13:32:06 2011: DEBUG: AuthBy FILE result: REJECT, No Handler for PEAP inner authentication
Fri Jul 29 13:32:06 2011: INFO: Access rejected for jupiter@utwente.test2: No Handler for PEAP inner authentication
Fri Jul 29 13:32:06 2011: DEBUG: Packet dump:
*** Sending to 172.31.178.10 port 32770 ....
Code:       Access-Reject

-------------------------------------------------------------------

<Handler Realm=utwente.test2, Client-Identifier=/^WLANATUT-ID$|^LOCALHOST-ID$/,TunnelledByPEAP=1>
    AuthByPolicy ContinueWhileReject
    AddToRequest Calling-Station-Id=%{OuterRequest:Calling-Station-Id}
    <AuthBy FILE>
        RewriteUsername s/^([^@]+).*/$1/
        RewriteUsername s/^\s*//
        RewriteUsername s/\s*$//
        Filename %D/users-wlan-peap
        NoEAP
    </AuthBy>
    AuthLog authlogging-wlan-peap
    Identifier PEAP-inner-utwente-test2
    Description WLAN
    AuthLog authlogging-tent
</Handler>

<Handler Realm=/utwente.test|utwente.test2/, Client-Identifier=/^WLANATUT-ID$|^LOCALHOST-ID$/>
    <AuthBy FILE>
        EAPType TTLS,PEAP
        EAPTLS_CAFile
        EAPTLS_CertificateFile
        EAPTLS_CertificateType PEM
        EAPTLS_PrivateKeyFile
        EAPTLS_PrivateKeyPassword
        EAPTLS_MaxFragmentSize 1024
        EAPTLS_SessionResumption 0
        AutoMPPEKeys
        EAPTLS_PEAPBrokenV1Label
        EAPTTLS_NoAckRequired
        # %U (and %u (with realm)) are the inner-auth username for PEAP
        #EAPAnonymous %u
        EAPAnonymous %0
    </AuthBy>
    AuthLog authlogging-wlan
    Identifier WLAN-OUTER-TEST
    Description WLAN
    AuthLog authlogging-tent
</Handler>

> On 07/26/2011 06:14 PM, Roel Hoek wrote:
>
> Hello Roel,
>
>> We experience a problem with a handler for authenticating wireless-lan
>> users. AuthBy-File for a PEAP-mschapV2 cannot match a user if
>> the outer and inner identity are not equal (normal situation).
>> It looks like the userfile is searched by the outer-identity, although the
>> inner-identity is used for authentication via LDAP.
>
> Try changing "EAPAnonymous %u" to "EAPAnonymous %0". See section
> "5.19.24 EAPAnonymous" for more info about EAPAnonymous.
>
> Your inner Handler has AuthBy FILE clause with NoEAP. Radiator will then
> use User-Name attribute instead of EAP Identity to do the authentication.
>
> With EAPAnonymous you can set the inner request User-Name the same as
> the EAP Identity is.
>
> Please let us know if this works for you.
>
> Thanks!
> Heikki

--
Regards,
Roel Hoek
ICT Service Centre
University of Twente, P.O.Box 217, 7500 AE Enschede, The Netherlands
Telephone +31 53 489 4598, Fax +31 53 489 2383
r.h.h...@utwente.nl; http://www.utwente.nl/icts
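
Added example (not part of the original message and not Radiator code): a small Python decoder for the tunnelled packet dump quoted above. It shows that the inner EAP-Message still carries the identity while User-Name is empty, so a Realm check has nothing to match. The function names and the realm rule (text after the "@" in User-Name) are assumptions made for illustration.

```python
import re

# Constructed from the packet dump in the post: the dump prints non-printable
# bytes as <decimal> and printable bytes literally.
DUMP_EAP_MESSAGE = "<2><0><0><27><1>d3126217@utwente.test2"
DUMP_USER_NAME = ""

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def decode_dump(text):
    """Turn the <NN> dump notation back into raw bytes.
    Limitation: a literal "<12>" inside the data would be read as one byte."""
    out = bytearray()
    for m in re.finditer(r"<(\d{1,3})>|(.)", text, re.S):
        out.append(int(m.group(1)) if m.group(1) else ord(m.group(2)))
    return bytes(out)

def parse_eap(raw):
    """Parse the EAP header (code, id, 16-bit length) and type octet, RFC 3748."""
    if len(raw) < 4:
        raise ValueError("truncated EAP header")
    length = int.from_bytes(raw[2:4], "big")
    if length != len(raw):
        raise ValueError(f"EAP length {length} but {len(raw)} bytes present")
    return {"code": EAP_CODES.get(raw[0], raw[0]), "id": raw[1],
            "type": raw[4] if length > 4 else None, "data": raw[5:]}

def realm_of(user_name):
    """Assumed realm rule for this example: the text after the '@'."""
    return user_name.rpartition("@")[2] if "@" in user_name else ""

def diagnose(eap_dump, user_name):
    """Compare the realm in the EAP identity with the realm in User-Name."""
    eap = parse_eap(decode_dump(eap_dump))
    # EAP type 1 is Identity; its data is the identity string itself.
    identity = eap["data"].decode() if eap["type"] == 1 else None
    return {"eap": eap, "identity": identity,
            "identity_realm": realm_of(identity or ""),
            "user_name_realm": realm_of(user_name)}

if __name__ == "__main__":
    d = diagnose(DUMP_EAP_MESSAGE, DUMP_USER_NAME)
    print("EAP", d["eap"]["code"], "type", d["eap"]["type"])
    print("EAP identity :", repr(d["identity"]))
    print("identity realm :", repr(d["identity_realm"]))
    print("User-Name realm:", repr(d["user_name_realm"]))
```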