Hello Ken -
On thinking about this a bit more, you should be able to do what you need like this (note the AuthBy RADIUS must be last):
# define AuthBy clauses
<AuthBy PAM>
    Identifier CheckPAM
    .....
</AuthBy>
<AuthBy RADIUS>
    Identifier ForwardToIAS
    .....
</AuthBy>
.....
# define Realms or Handlers
<Handler ...>
    AuthByPolicy ContinueUntilAccept
    AuthBy CheckPAM
    AuthBy ForwardToIAS
    ....
</Handler>
Note that the AuthBy RADIUS clause operates asynchronously, so it must be last in any list of AuthBy clauses.
regards
Hugh
On Thursday, Mar 20, 2003, at 11:11 Australia/Melbourne, Kawakubo, Ken wrote:
All,
I would like Radiator to do the following.
When Radiator gets PEAP-EAP-CHAPv2 radius packets, Radiator proxies to IAS
on Windows 2003 server. When Radiator gets EAP-TTLS-PAP packets, Radiator
authenticates via AuthBy PAM using pam_smb. I have to do this setup because
we need to authenticate against NTLM. I can do NTLM authentication with
EAP-TTLS since I can use plaintext PAP, but I cannot do NTLM authentication
with PEAP-EAP-CHAPv2 since it uses encrypted passwords.
I got working both Radius proxy with PEAP-EAP-CHAPv2 and AuthBy PAM with
EAP-TTLS-PAP separately. But when I try to combine both packets together, I
am not getting it to work. Either one or the other fails authentication. I
have tried using AuthByPolicy and listing both AuthBy clauses but it does not
seem to work.
I am wondering if there is a way to check radius packets beforehand and send
them to the appropriate AuthBy clause. The first request packet uses code 1
instead of 25 (PEAP) or 21 (EAP-TTLS) and it seems to make it difficult to
differentiate.
I appreciate any help. Thank you.
Ken Kawakubo
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
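Added example (not part of the original thread and not Radiator code): a Python reader for the EAP type byte carried in the EAP-Message attribute of a RADIUS packet, showing why the first request reads as 1 (Identity) and only later responses read as 25 (PEAP) or 21 (EAP-TTLS). The packets are constructed samples and all function names are hypothetical.

```python
import struct

EAP_MESSAGE = 79  # RADIUS attribute type for EAP-Message (RFC 3579)
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 21: "EAP-TTLS", 25: "PEAP"}

def eap_from_radius(packet: bytes) -> bytes:
    """Concatenate all EAP-Message attributes of one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    eap, pos = b"", 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        if atype == EAP_MESSAGE:  # long EAP packets span several attributes
            eap += packet[pos + 2:pos + alen]
        pos += alen
    return eap

def classify_eap(eap: bytes) -> tuple:
    """Return (code name, type name) for an EAP packet."""
    if len(eap) < 4:
        raise ValueError("shorter than the 4-byte EAP header")
    code, _ident, length = struct.unpack("!BBH", eap[:4])
    if length < 4 or length > len(eap):
        raise ValueError("bad EAP length field")
    if code in (3, 4):  # Success/Failure carry no type byte
        return EAP_CODES[code], None
    if length < 5:
        raise ValueError("Request/Response without a type byte")
    return EAP_CODES.get(code, f"code {code}"), EAP_TYPES.get(eap[4], f"type {eap[4]}")

def radius_access_request(eap: bytes) -> bytes:
    """Build a constructed Access-Request carrying only EAP-Message."""
    attr = bytes([EAP_MESSAGE, len(eap) + 2]) + eap
    return struct.pack("!BBH", 1, 1, 20 + len(attr)) + bytes(16) + attr

# Constructed samples: identity response, then first PEAP and TTLS responses.
identity = struct.pack("!BBHB", 2, 0, 8, 1) + b"ken"
peap = struct.pack("!BBHBB", 2, 1, 6, 25, 0)
ttls = struct.pack("!BBHBB", 2, 1, 6, 21, 0)
```

The identity response is byte-for-byte the same shape whichever tunnel method the client will later use, so the method only becomes visible from the second round trip onward.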