Hi Bjoern and others,
thanks for your patch. It is now in the latest patch set.
I take it you would like to see the included AllowInReply parameter included
in the sample goodies/dnsroam.cfg?
If you have other suggestions for improving the example goodies/dnsroam.cfg I
would welcome that too.
Cheers.
On Thursday, March 29, 2012 05:04:13 PM Bjoern A. Zeeb wrote:
> Hi Mike, all,
>
> A patch and a suggestion for goodies below.
>
> A lot of people seem to use Radiator with EduRoam and after two
> debugging sessions, the first to find the cause why it's not working
> for a user and the 2nd to apply the below patch, things are significantly
> starting to improve for a couple of users whose IdPs send out weird
> attributes incl. VLAN assignments etc.
>
> Not sure if we should pass down all section 5.7.18 ref.pdf options
> down from the AuthDNSROAM patch below, but these two seem essential
> as having them in and not working might lead to unexpected results.
>
> My somehow excessive attribute filter list for Eduroam currently is
> AllowInReply User-Name, \
> Class, \
> Framed-Protocol, \
> Service-Type, \
> EAP-Message, \
> Message-Authenticator, \
> MS-MPPE-Send-Key, \
> MS-MPPE-Recv-Key, \
> MS-CHAP-Domain, \
> MS-CHAP2-Success, \
> Proxy-State
>
> with Framed-Protocol at least being excessive and should
> probably be static and Service-Type probably be restricted.
>
> I wonder if others have a comment on that list; I have been told
> another (open source) radius software comes with a pre-defined
> list but have not checked, so I think putting that into goodies,
> if not there yet, for AuthDNSRoam/Eduroam samples would be an
> excellent idea:)
>
>
> Special thanks go to Stefan Winter and Ronald van der Pol for
> the debugging sessions to figure out the VLAN problem while here
> at IETF83.
>
> Apart from that Radiator seems to do great wrt to DNSRoam and
> I am looking forward for the draft to be updated and the latest
> things that have been officially assigned to be sorted. Great!
> Thanks a lot for that!
>
> Thanks,
> /bz
>
> --- AuthDNSROAM.pm.orig 2011-09-29 21:51:05.000000000 +0000
> +++ AuthDNSROAM.pm 2012-03-29 16:16:09.000000000 +0000
> @@ -285,6 +285,7 @@ sub addRoute
> (qw(Address Transport Protocol Port UseTLS SRVName
>
> StripFromRequest AddToRequest ReplyHook ReplyHook.compiled
> NoReplyHook NoReplyHook.compiled + StripFromReply AllowInReply
> NoForwardAuthentication NoForwardAccounting AllowInRequest
>
> NoreplyTimeout IgnoreReject
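Review bot: StripFromReply and AllowInReply join the addRoute parameter list here, but nothing in the patch documents that they are now accepted, and the cover note says the remaining section 5.7.18 options are still not passed down. Suggest an entry in the reference manual and in goodies/dnsroam.cfg naming exactly which reply-side options are honoured, so an operator who sets one of the others does not assume it takes effect.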
> @@ -390,6 +391,7 @@ sub handle_request
> (map {defined $self->{$_} ? ($_ => $self->{$_}) : ()}
> (qw(Port Secret
> StripFromRequest AddToRequest ReplyHook
> ReplyHook.compiled NoReplyHook NoReplyHook.compiled +
> StripFromReply AllowInReply
> NoForwardAuthentication NoForwardAccounting
> AllowInRequest NoreplyTimeout IgnoreReject
> IgnoreAccountingResponse MaxBufferSize
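Review bot: in this handle_request list the `defined $self->{$_}` guard means AllowInReply is handed on only when the operator has set it, so with the parameter absent no reply filter is passed along at all. Since the motivating case is unexpected VLAN attributes from remote IdPs, consider logging a warning when neither StripFromReply nor AllowInReply is set, or state the unfiltered default explicitly in the documentation.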
> @@ -414,6 +416,7 @@ sub handle_request
> # Copy parameters from $self:
> (map {defined $self->{$_} ? ($_ => $self->{$_}) : ()}
> (qw(StripFromRequest AddToRequest ReplyHook
> ReplyHook.compiled NoReplyHook NoReplyHook.compiled +
> StripFromReply AllowInReply
> NoForwardAuthentication NoForwardAccounting
> AllowInRequest AuthPort AcctPort Secret Retries RetryTimeout
> UseOldAscendPasswords ServerHasBrokenPortNumbers ServerHasBrokenAddresses
> IgnoreReplySignature
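Review bot: this is the third hand-maintained copy of nearly the same qw(...) list (one in addRoute, two in handle_request), and each needed the identical `StripFromReply AllowInReply` insertion. Suggest keeping the common pass-through parameter names in one shared list and appending the per-site extras, so the next option added cannot be missed in one of the three places.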
--
Mike McCauley [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
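
An added illustration, not part of the thread and not Radiator code: a small Python model of what the AllowInReply list quoted above does to a reply that carries VLAN assignment attributes. The function names, the case-sensitive matching and the sample reply are assumptions made for the example.

```python
import re

# Constructed copy of the AllowInReply parameter quoted in the post above.
ALLOW_IN_REPLY_CFG = r"""
AllowInReply User-Name, \
    Class, \
    Framed-Protocol, \
    Service-Type, \
    EAP-Message, \
    Message-Authenticator, \
    MS-MPPE-Send-Key, \
    MS-MPPE-Recv-Key, \
    MS-CHAP-Domain, \
    MS-CHAP2-Success, \
    Proxy-State
"""

# Constructed Access-Accept from a remote IdP; values are placeholders.
SAMPLE_REPLY = [
    ("User-Name", "anonymous@idp.example"),
    ("EAP-Message", "<fragment 1>"),
    ("EAP-Message", "<fragment 2>"),
    ("Message-Authenticator", "<16 octets>"),
    ("MS-MPPE-Send-Key", "<key>"),
    ("MS-MPPE-Recv-Key", "<key>"),
    ("Tunnel-Type", "VLAN"),
    ("Tunnel-Medium-Type", "802"),
    ("Tunnel-Private-Group-ID", "42"),
]

def parse_allow_list(cfg, keyword="AllowInReply"):
    """Join backslash-continued lines; return the allowed names, or None if unset."""
    joined = re.sub(r"\\[ \t]*\n", " ", cfg)
    for line in joined.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0] == keyword:
            return {name.strip() for name in parts[1].split(",") if name.strip()}
    return None

def filter_reply(reply, allowed):
    """Split (name, value) pairs into kept and dropped; order and repeats survive."""
    if allowed is None:  # parameter not configured: nothing is filtered
        return list(reply), []
    kept = [(n, v) for n, v in reply if n in allowed]
    dropped = [(n, v) for n, v in reply if n not in allowed]
    return kept, dropped

if __name__ == "__main__":
    kept, dropped = filter_reply(SAMPLE_REPLY, parse_allow_list(ALLOW_IN_REPLY_CFG))
    print("forwarded:", [n for n, _ in kept])
    print("dropped:  ", [n for n, _ in dropped])
```

With the list from the post, the three Tunnel-* attributes are dropped while both EAP-Message fragments and the MPPE keys pass through; with no AllowInReply line the reply is returned unchanged.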