I am not able to determine why, when using the %P variable, it does not pass the user password into the LDAP authentication.

We are attempting to terminate the PEAP/EAP on our wireless controllers (Aruba) and pass the username and password to Radiator for authentication, as this only requires a single common certificate to be presented to the clients, unless Radiator does not have an issue reusing certs on different servers?

When I set the password in the config file statically, I receive an access-accept reply; however, when I attempt to use the %P parameter, the password is never included in the authentication.

Suggestions would be appreciated.

I have stripped the config down for testing purposes.
#Tubuluar.vm.its.uwo.ca
#
# eap_multi.cfg
#
# This config supports EAP-TTLS and EAP-PEAP proxied from an external Radius server
#
Foreground 1
#LogStdout 1
LogDir c:/program files/radiator
DbDir c:/program files/radiator
AuthPort 1645,1812
AcctPort 1646,1813
# Use a lower trace level in production systems:
#Trace 3
Trace 7
# IMPORTANT = convert user name to lower case to ensure match on uwo.ca realm in handler match criteria
UsernameCharset a-zA-Z0-9\._@-
RewriteUsername tr/A-Z/a-z/
# UwoLDAP is used to authenticate the inner TTLS credentials and outer PEAP credentials against LDAP
# Note requires TTLS and PEAP support
# Both userid and password are checked for inner TTLS requests
# Only the userid is checked for outer PEAP requests
<AuthBy LDAP2>
    Log errorLogger
    Identifier UwoLDAP-LB
    EAPType MSCHAP-V2
    NoDefault
    # Tell Radiator how to talk to the LDAP server
    Host auth.uwo.ca
    AuthDN uid=%U,ou=people,o=uwo.ca,dc=its
    AuthPassword %P
    # Add role from LDAP to the request via the AuthAttrDef
    AuthAttrDef description,Role,request
    AuthAttrDef loginShell,Shell,request
    AuthAttrDef uwoid,Uid,request
    BaseDN o=uwo.ca,dc=its
    UsernameAttr uid
    PasswordAttr
    AddToReply Reply-Message=STF
    Timeout 10
</AuthBy>
# Handlers are processed sequentially - and first match applies
<Handler Request-Type = Accounting-Request>
    Log errorLogger
    AuthBy AccountingResponse
    PostAuthHook file:%D/accounting.hook
</Handler>
#
# Test Handler
# Handles both authentication checks and logging as mac is available.
#
<Handler>
    AuthBy UwoLDAP
</Handler>
Thanks
MH

Michael Hulko
Network Analyst
Western University Canada
Network Operations Centre
Information Technology Services
1393 Western Road, SSB 3300CC
London, Ontario N6G 1G9
tel: 519-661-2111 x81390
e-mail: mihu...@uwo.ca
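
One way to check what credential material the controller actually put in the Access-Request, as an added example that is not part of the original post or of Radiator: in RADIUS only the User-Password attribute carries a recoverable password, while MS-CHAPv2 and EAP requests carry challenge/response data instead. The function names and the two sample packets are constructed for illustration; feed it the raw UDP payload of a captured request.

```python
import struct

# Attribute numbers from RFC 2865 / RFC 3579; Microsoft VSA numbers from RFC 2548.
SIMPLE = {2: "User-Password", 3: "CHAP-Password", 79: "EAP-Message"}
VENDOR_SPECIFIC, MS_VENDOR_ID = 26, 311
MS_VSA = {11: "MS-CHAP-Challenge", 25: "MS-CHAP2-Response"}

def credential_attributes(packet: bytes) -> set:
    """Names of the credential-bearing attributes present in one RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    found, pos = set(), 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        value = packet[pos + 2:pos + alen]
        if atype in SIMPLE:
            found.add(SIMPLE[atype])
        elif atype == VENDOR_SPECIFIC and len(value) >= 6:
            # Vendor-Specific: 4-byte vendor id, then vendor type and length.
            vendor, vtype = struct.unpack("!IB", value[:5])
            if vendor == MS_VENDOR_ID and vtype in MS_VSA:
                found.add(MS_VSA[vtype])
        pos += alen
    return found

def has_cleartext_password(packet: bytes) -> bool:
    """Only User-Password (PAP) holds a password the server can decrypt."""
    return "User-Password" in credential_attributes(packet)

def _attr(atype: int, value: bytes) -> bytes:
    return bytes([atype, len(value) + 2]) + value

def _ms_vsa(vtype: int, data: bytes) -> bytes:
    return _attr(VENDOR_SPECIFIC, struct.pack("!IBB", MS_VENDOR_ID, vtype, len(data) + 2) + data)

def _request(*attrs: bytes) -> bytes:
    body = b"".join(attrs)
    return struct.pack("!BBH", 1, 7, 20 + len(body)) + bytes(16) + body  # Access-Request

# Constructed sample packets (zero-filled values, not captured traffic).
PAP_REQUEST = _request(_attr(1, b"alice"), _attr(2, bytes(16)))
MSCHAPV2_REQUEST = _request(_attr(1, b"alice"), _ms_vsa(11, bytes(16)), _ms_vsa(25, bytes(50)))
```

If `has_cleartext_password` returns False for the controller's request, there is no password in the packet to hand to an LDAP bind, whatever the server-side configuration says.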