On 23.7.2021 18.03, Ullfig, Roberto Alfredo wrote:
Can we specify the error message to return to the user with:
RejectReason you must specify your domain...
or must that be done on the wireless controller?
I think the wireless controller would need to take Reply-Message
attribute contents from Access-Reject and somehow send it to the
wireless client.
I'm not completely sure, but I don't think it's possible. The EAP
messaging that goes over the wireless hop isn't capable to do it, I'd say.
One option might be to create a Handler for realmless users that
authenticates them and then drops them to a VLAN which is a walled
garden. There they would always be redirected to a web page with
information about what they should do to get full access. It might be a
bit heave solution though.
Currently when a user fails to enter their domain the error message they
get says to "move closer".
Is that something you generate locally or does it come from somewhere
else, such as, eduroam?
Thanks,
Heikki
---
Roberto Ullfig - [email protected]
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
------------------------------------------------------------------------
*From:* radiator <[email protected]> on behalf of
Heikki Vatiainen <[email protected]>
*Sent:* Wednesday, July 14, 2021 12:05 PM
*To:* [email protected] <[email protected]>
*Subject:* Re: [RADIATOR] we're sending empty realms to eduroam tlrs
servers
On 13.7.2021 22.38, Ullfig, Roberto Alfredo wrote:
So I noticed a doc here for handling empty realms:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.geant.org%2Fpages%2Fviewpage.action%3FpageId%3D121346324&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RNp0yd6TCOW%2Fbrz6V2Gai1Z8UEMiYi0RZTN82HXjNdc%3D&reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwiki.geant.org%2Fpages%2Fviewpage.action%3FpageId%3D121346324&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=RNp0yd6TCOW%2Fbrz6V2Gai1Z8UEMiYi0RZTN82HXjNdc%3D&reserved=0>
Are the Handlers executed in order from top to bottom?
Yes. The handler order, Handler check items, '...' in <Handler ...>, and
Handler - Realm relationship is discussed in more detail here:
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.radiatorsoftware.com%2Fradiator%2Fref%2FHandler.html&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7PeV5r7PeUvK4gsVkv90LQyC9JtQmAKyNBbfpXw9JSQ%3D&reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Ffiles.radiatorsoftware.com%2Fradiator%2Fref%2FHandler.html&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=7PeV5r7PeUvK4gsVkv90LQyC9JtQmAKyNBbfpXw9JSQ%3D&reserved=0>
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dp4a19ZL9cZ4h2L23R%2BOKSu4AGR6QPf%2FudEomA6Vok8%3D&reserved=0
<https://nam04.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.open.com.au%2Fmailman%2Flistinfo%2Fradiator&data=04%7C01%7Crullfig%40uic.edu%7C729062472404475be16308d946e9cede%7Ce202cd477a564baa99e3e3b71a7c77dd%7C0%7C0%7C637618792275449703%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=dp4a19ZL9cZ4h2L23R%2BOKSu4AGR6QPf%2FudEomA6Vok8%3D&reserved=0>
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
