<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Ok, did that, and the connection gets farther now. I don't quite
understand how to get the other modules to use the stripped-user-name
now.<br>
<br>
rlm_attr_rewrite: Added attribute Stripped-User-Name with value
'host/itf-toshiba-asd'<br>
modcall[authorize]: module "copy.user-name" returns ok for request 6<br>
radius_xlat: '^host/(.*)'<br>
radius_xlat: 'itf-toshiba-asd$'<br>
rlm_attr_rewrite: Changed value for attribute Stripped-User-Name from
'host/itf-toshiba-asd' to 'itf-toshiba-asd$'<br>
modcall[authorize]: module "add-dollar-sign" returns ok for request 6<br>
modcall[authorize]: module "chap" returns noop for request 6<br>
modcall[authorize]: module "preprocess" returns ok for request 6<br>
modcall[authorize]: module "mschap" returns noop for request 6<br>
rlm_realm: No '\' in User-Name = "host/itf-toshiba-asd", looking up
realm NULL<br>
rlm_realm: No such realm "NULL"<br>
modcall[authorize]: module "DOMAIN" returns noop for request 6<br>
rlm_eap: EAP packet type response id 7 length 102<br>
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation<br>
modcall[authorize]: module "eap" returns updated for request 6<br>
rlm_ldap: Entering ldap_groupcmp()<br>
radius_xlat: 'dc=domain,dc=com'<br>
radius_xlat: '(uid=itf-toshiba-asd$)'<br>
_____________<br>
rad_check_password: Found Auth-Type EAP<br>
auth: type "EAP"<br>
Processing the authenticate section of radiusd.conf<br>
modcall: entering group authenticate for request 6<br>
rlm_eap: Request found, released from the list<br>
rlm_eap: EAP/peap<br>
rlm_eap: processing type peap<br>
rlm_eap_peap: Authenticate<br>
rlm_eap_tls: processing TLS<br>
eaptls_verify returned 7 <br>
rlm_eap_tls: Done initial handshake<br>
eaptls_process returned 7 <br>
rlm_eap_peap: EAPTLS_OK<br>
rlm_eap_peap: Session established. Decoding tunneled attributes.<br>
rlm_eap_peap: EAP type mschapv2<br>
rlm_eap_peap: Tunneled data is valid.<br>
PEAP: Got tunneled EAP-Message<br>
EAP-Message =
a0203913657d182f94d6ad94beee83e800686f73742f6974662d746f73686962612d617364<br>
PEAP: Setting User-Name to host/itf-toshiba-asd<br>
<br>
attr_rewrite copy.user-name {<br>
attribute = Stripped-User-Name<br>
new_attribute = yes<br>
searchfor = ""<br>
searchin = packet<br>
replacewith = "%{User-Name}"<br>
}<br>
attr_rewrite add-dollar-sign {<br>
attribute = Stripped-User-Name<br>
searchfor = "^host/(.*)"<br>
searchin = packet<br>
new_attribute = no<br>
replacewith = "%{1}$"<br>
}<br>
<br>
<br>
authorize {<br>
copy.user-name<br>
add-dollar-sign<br>
chap<br>
preprocess<br>
mschap<br>
DOMAIN<br>
eap<br>
files<br>
ldap<br>
}<br>
<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:A.L.M.Buxey@lboro.ac.uk">A.L.M.Buxey@lboro.ac.uk</a> wrote:
<blockquote cite="mid:20070706184717.GA19967@lboro.ac.uk" type="cite">
<pre wrap="">Hi,
</pre>
<blockquote type="cite">
<pre wrap="">I've about got it, but now I am getting an eap error about the username
isn't correct.
I added this about preprocess:
attr_rewrite add-dollar-sign {
attribute = User-Name
searchfor = "^host/(.*)"
searchin = packet
new_attribute = no
replacewith = "%{1}$"
}
</pre>
</blockquote>
<pre wrap=""><!---->
you cannot play with User-Name - that is returned in the EAP
conversation and if it has changed then the auth won't work.
copy the value to e.g. Stripped-User-Name and then use that variable
to do the auth with (as per that example page)
alan
</pre>
</blockquote>
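<br>
Added example, not part of the original message or of FreeRADIUS: a simplified Python model of the two attr_rewrite instances above, showing that User-Name stays exactly as the EAP peer sent it while Stripped-User-Name carries the rewritten machine name. The helper names, the sample name "alice" and the LDAP filter template are assumptions; the real module has further options that this model omits.<br>

```python
import re


def xlat(template, attrs, captures=()):
    """Expand %{Attr-Name} from the request and %{N} from regex captures."""
    numbered = {str(i): (g or "") for i, g in enumerate(captures)}

    def expand(m):
        key = m.group(1)
        return numbered.get(key, attrs.get(key, ""))

    return re.sub(r"%\{([^}]+)\}", expand, template)


def attr_rewrite(attrs, attribute, searchfor, replacewith, new_attribute):
    """Apply one rewrite to the request dict; return True if it was written."""
    if new_attribute:
        # new_attribute = yes: create the attribute from the expanded template.
        attrs[attribute] = xlat(replacewith, attrs)
        return True
    value = attrs.get(attribute)
    m = re.search(searchfor, value) if value is not None else None
    if m is None:
        return False  # attribute missing or no match: leave the request alone
    captures = (m.group(0),) + m.groups()  # %{0} is the whole match
    replacement = xlat(replacewith, attrs, captures)
    attrs[attribute] = value[:m.start()] + replacement + value[m.end():]
    return True


def authorize(user_name):
    """Run copy.user-name, then add-dollar-sign, in the posted order."""
    attrs = {"User-Name": user_name}
    attr_rewrite(attrs, "Stripped-User-Name", "", "%{User-Name}", True)
    attr_rewrite(attrs, "Stripped-User-Name", r"^host/(.*)", "%{1}$", False)
    return attrs


# Assumed filter template; the post only shows its expanded form in the log.
LDAP_FILTER = "(uid=%{Stripped-User-Name})"

if __name__ == "__main__":
    # "host/itf-toshiba-asd" is from the log above; "alice" is constructed.
    for name in ("host/itf-toshiba-asd", "alice"):
        request = authorize(name)
        print(request, xlat(LDAP_FILTER, request))
```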
</body>
</html>