Wait no that won't work. I assume Realm= is looking for everything after the @ symbol so how about this?

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^\z|^uic\.edu\z/i>
    RewriteUsername s/^([^@]+).*/$1/
    <AuthBy SUSPEND>
        Dir /mnt/global/authinfo/campus_suspend
    </AuthBy>
    <AuthBy SUSPEND>
        Dir /mnt/global/authinfo/campus_delete
    </AuthBy>
    <AuthBy WIRELESS>
        Dir /mnt/global/authinfo/wireless
    </AuthBy>
    <AuthBy NTLM>
        DefaultDomain AD
    </AuthBy>
    <AuthLog SYSLOG>
        LogSuccess 1
        LogFailure 1
        Facility local0
        SuccessFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication OK
        FailureFormat %T : '%U' from %N mac=%{OuterRequest:Calling-Station-Id} -- Authentication FAILED
    </AuthLog>
</Handler>
<Handler ConvertedFromEAPMSCHAPV2=1>
    <AuthBy INTERNAL>
        DefaultResult REJECT
    </AuthBy>
</Handler>

---
Roberto Ullfig - rull...@uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

________________________________
From: radiator <radiator-boun...@lists.open.com.au> on behalf of Ullfig, Roberto Alfredo <rull...@uic.edu>
Sent: Friday, January 7, 2022 9:42 AM
To: Heikki Vatiainen <h...@open.com.au>; radiator@lists.open.com.au <radiator@lists.open.com.au>
Subject: Re: [RADIATOR] Simple Question Regarding Realm Handling

So this is the full version - but I'm not sure on what follows Realm - I need to remove the outer ()?:

<Handler ConvertedFromEAPMSCHAPV2=1, Realm=/^([^@]*|\S*\@uic\.edu)\z/i>
    ...
    <AuthBy NTLM>
        UsernameMatchesWithoutRealm
        DefaultDomain AD
    </AuthBy>
    ...
</Handler>
<Handler ConvertedFromEAPMSCHAPV2=1>
    <AuthBy INTERNAL>
        DefaultResult REJECT
    </AuthBy>
</Handler>

---
Roberto Ullfig - rull...@uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago

________________________________
From: radiator <radiator-boun...@lists.open.com.au> on behalf of Heikki Vatiainen <h...@open.com.au>
Sent: Friday, January 7, 2022 9:22 AM
To: radiator@lists.open.com.au <radiator@lists.open.com.au>
Subject: Re: [RADIATOR] Simple Question Regarding Realm Handling

On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:
> Why would we need to do any rejections in TunnelledByPEAP=1? We have
> this in there:
>
> <AuthBy FILE>
>     EAPType MSCHAP-V2
>     EAP_PEAP_MSCHAP_Convert 1
> </AuthBy>
>
> So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle
> uic.edu and empty realms (with a very fancy regexp) and then one to
> handle the rejection of other domains.

Thanks for the clarification. You're correct, in your case you can convert the tunnelled EAP-MSCHAP-V2 requests to plain MSCHAP-V2 and then handle the realms you are interested in and reject the rest.

To clarify my previous email for future reference: When handling tunnelled and converted requests, always have a catch-all Handler that makes sure that even the unexpected cases are correctly handled.

Thanks!
Heikki

--
Heikki Vatiainen
OSC, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________
radiator mailing list
radiator@lists.open.com.au
https://lists.open.com.au/mailman/listinfo/radiator
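
The two-Handler layout discussed in this thread (one Handler for empty and uic.edu realms, one catch-all that rejects), modelled in Perl as an added example; it is not Radiator code and not from either poster. It assumes the realm is the text after the first "@" of the user name, and the handler labels and sample names are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Realm check from the first Handler on the page: empty realm or uic.edu only.
my $realm_re = qr/^\z|^uic\.edu\z/i;

# Assumption: the realm is everything after the first "@" of the user name,
# and a name without "@" has an empty realm.
sub realm_of {
    my ($user) = @_;
    my $at = index($user, '@');
    return $at < 0 ? '' : substr($user, $at + 1);
}

# Returns the handler that would take the request and the name it passes on.
# The handler labels are hypothetical, used only for this printout.
sub route {
    my ($user) = @_;
    if (realm_of($user) =~ $realm_re) {
        # RewriteUsername s/^([^@]+).*/$1/ from the page strips the realm.
        (my $stripped = $user) =~ s/^([^@]+).*/$1/;
        return ('uic-or-empty-realm', $stripped);
    }
    # Second Handler on the page: AuthBy INTERNAL with DefaultResult REJECT.
    return ('catch-all REJECT', $user);
}

# Constructed sample inner identities. The last one carries a trailing
# newline: \z refuses it, where a plain $ anchor would still match.
my @samples = (
    'alice', 'alice@uic.edu', 'alice@UIC.EDU',
    'alice@uic.edu.example.net', 'alice@notuic.edu',
    'alice@example.org', "alice\@uic.edu\n",
);

for my $user (@samples) {
    my ($handler, $name) = route($user);
    # Make the newline visible in the printed table.
    s/\n/\\n/g for ($user, $name);
    printf "%-28s -> %-20s %s\n", $user, $handler, $name;
}
```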