I changed the following code in AuthByLSA.pm:
# If this is obviously a host name, strip the host part
# so we can check group membership
if ($username =~ /^host\/([^\.]+)/)
{
$username = "$1\$";
}
# Line Added
$username =~ s/@[...@]*$// if $self->{UsernameMatchesWithoutRealm};
--
Neil Johnson
Network Engineer
Information Technology Services
The University of Iowa
319 384-0938
[email protected]
> -----Original Message-----
> From: Johnson, Neil M
> Sent: Wednesday, November 17, 2010 11:04 AM
> To: Johnson, Neil M; [email protected]
> Subject: RE: Add UsernameMatchesWithoutRealm to Auth by LSA
>
> Hmmm, it appears to be in the source code, but doesn't seem to work.
> Something to do with group checking ?
>
> -Neil
>
>
> Wed Nov 17 10:55:20 2010: DEBUG: Handling request with Handler
> 'TunnelledByPEAP=1', Identifier ''
> Wed Nov 17 10:55:20 2010: DEBUG: Deleting session for
> [email protected], 128.255.11.74, 18433
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> radtest [[email protected]]
> Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-IOWA, [email protected]
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: radtest [[email protected]]
> Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> V2 failed: no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthLSA:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA looks for match with
> radtest [[email protected]]
> Wed Nov 17 10:55:20 2010: DEBUG: Checking LSA Group membership for
> \\IOWADC1, ITS-WIRELESS-QUARANTINE, [email protected]
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthLSA REJECT: AuthBy LSA
> User is not a member of any Group: radtest [[email protected]]
> Wed Nov 17 10:55:20 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: AuthBy LSA result: REJECT, EAP MSCHAP
> V2 failed: no such user radtest
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with Radius::AuthFILE:
> Wed Nov 17 10:55:20 2010: DEBUG: Handling with EAP: code 2, 10, 72, 26
> Wed Nov 17 10:55:20 2010: DEBUG: Response type 26
> Wed Nov 17 10:55:20 2010: DEBUG: Reading users file c:\Program
> Files\Radiator/eduroam_test_users
> Wed Nov 17 10:55:20 2010: DEBUG: Radius::AuthFILE looks for match with
> [email protected] [[email protected]]
> Wed Nov 17 10:55:21 2010: DEBUG: Radius::AuthFILE REJECT: No such user:
> [email protected] [[email protected]]
> Wed Nov 17 10:55:21 2010: DEBUG: EAP result: 1, EAP MSCHAP V2 failed:
> no such user [email protected]
> Wed Nov 17 10:55:21 2010: DEBUG: AuthBy FILE result: REJECT, EAP MSCHAP
> V2 failed: no such user [email protected]
> Wed Nov 17 10:55:21 2010: INFO: Access rejected for [email protected]:
> EAP MSCHAP V2 failed: no such user [email protected]
> Wed Nov 17 10:55:21 2010: DEBUG: PostProcessing Hook: called.
> Wed Nov 17 10:55:21 2010: DEBUG: Returned PEAP tunnelled packet dump:
> Code: Access-Reject
>
> --
> Neil Johnson
> Network Engineer
> Information Technology Services
> The University of Iowa
> 319 384-0938
> [email protected]
>
>
> > -----Original Message-----
> > From: [email protected] [mailto:radiator-
> > [email protected]] On Behalf Of Johnson, Neil M
> > Sent: Wednesday, November 17, 2010 10:39 AM
> > To: [email protected]
> > Subject: [RADIATOR] Add UsernameMatchesWithoutRealm to Auth by LSA
> >
> >
> > Would it be possible to add the "UsernameMatchesWithoutRealm" to the
> > "AuthBy LSA" method ?
> >
> > -Neil
> >
> >
> > --
> > Neil Johnson
> > Network Engineer
> > Information Technology Services
> > The University of Iowa
> > 319 384-0938
> > [email protected]
> >
> >
> > _______________________________________________
> > radiator mailing list
> > [email protected]
> > http://www.open.com.au/mailman/listinfo/radiator
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
