On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:
Why would we need to do any rejections in TunnelledByPEAP=1? We have
this in there:
<AuthBy FILE>
EAPType MSCHAP-V2
EAP_PEAP_MSCHAP_Convert 1
</AuthBy>
So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle
uic.edu and empty realms (with a very fancy regexp) and then one to
handle the rejection of other domains.
Thanks for the clarification. You're correct, in your case you can the
tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the
realms your are interested and reject the rest.
To clarify my previous email for future refernce: When handling
tunnelled and converted requests, always have a catch-all Handler that
makes sure that even the unexpected cases are correctly handled.
Thanks!
Heikki
--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
