On 03/03/2014 09:27 PM, r.d.ru...@lumc.nl wrote:
> This goes well without using the group item. That means that the
> communication with the window domain is OK. When I use the group item I
> cannot get a good authentication.
>
> I am sure the user is a member of that specific group.

The username that is checked is anonym...@lumc.nl. This is the User-Name in the inner request object that was created from PEAP tunneled authentication information. In other words, you need to use the EAP identity for the group check.

To do this, you could consider this:

EAPAnonymous %0 in the outer Handler's AuthBy.

Change the inner TunnelledBy* Handlers so that the Realm is not considered when choosing the Handler.

The inner request should now have the real EAP Identity in the User-Name and group check should work.

Thanks,
Heikki

-- 
Heikki Vatiainen <h...@open.com.au>

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
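
The two changes described in the reply above, as an added Radiator configuration example that is not part of the original message or of the poster's configuration. The AuthBy LSA clause, the group name, the users file and the omitted certificate settings are assumptions chosen for illustration; EAPAnonymous %0 and the TunnelledBy* Handler selection are the items the reply names.

```conf
# Constructed example, not the poster's configuration.
# Handlers are tried in order, so the inner (tunnelled) Handler comes first.

# Inner Handler: receives the request unpacked from the PEAP tunnel.
# Before the change it was selected on the realm as well, for example:
#   <Handler Realm=lumc.nl, TunnelledByPEAP=1>
# Selecting on TunnelledByPEAP alone means the choice of Handler no longer
# depends on the realm part of the inner User-Name.
<Handler TunnelledByPEAP=1>
    # Assumption: Windows domain authentication with a group check.
    <AuthBy LSA>
        # Placeholder domain and group names.
        Domain EXAMPLEDOMAIN
        Group ExampleWifiUsers
        EAPType MSCHAP-V2
    </AuthBy>
</Handler>

# Outer Handler: terminates the PEAP tunnel.
<Handler>
    <AuthBy FILE>
        # Placeholder users file; the outer request only needs to
        # establish the tunnel.
        Filename %D/users
        EAPType PEAP
        # EAPTLS_* certificate settings go here (omitted, unchanged).

        # Without this line the inner request carries the anonymous
        # identity as its User-Name, which is what the group check saw.
        # %0 puts the EAP identity into the inner User-Name instead.
        EAPAnonymous %0
    </AuthBy>
</Handler>
```

After the change, the User-Name logged for the inner request should be the account name the group check is expected to evaluate, not the anonymous identity.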