On 05/22/2011 06:25 PM, [email protected] wrote:
> I’ve met some problem when added Realm to my username. Below is my debug log:
Try UsernameMatchesWithoutRealm instead of using RewriteUsername. Please
see below for more.
> Attributes:
> User-Name = "alex@tx"
> MS-CHAP-Challenge =
> <211><236><200><0>~<143><30><242>?<14><13><189><155><233><198><20>
> MS-CHAP2-Response =
> <0><0>#<198>&<232><139><232>t?<247><5>b<232>\<145><14><140><0><0><0><0><0><0><0><0>Kk<128>e-j<130><233><163><158><138>1<175><228>`N8u<209>^<245><182>0<252>
You are using MS-CHAP-V2 so no plain text password is received by
Radiator. The Challenges and responses are calculated with the username
as one component, so Radiator has to use the same username as the client
did when it checks the challenge.
> Sun May 22 18:08:09 2011: DEBUG: Rewrote user name to alex
Rewrote breaks things.
> And my radius.cfg:
> <Realm tx>
> RewriteUsername s/^([^@]+).*/$1/
Remove the above.
> <AuthBy LDAP2>
> NoDefault
> TranslatePasswordHook sub {return "{nthash}$_[0]";}
Add UsernameMatchesWithoutRealm here
Please let us know if the above helps.
Thanks!
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
