Thanks! Using "User-Name" simplifies things.
---
Roberto Ullfig - rull...@uic.edu
Systems Administrator
Enterprise Applications & Services | Technology Solutions
University of Illinois - Chicago
From: radiator on behalf of Heikki
Vatiainen
Sent: Friday, January
Hi,
The AuthBy REST works wonderfully (async!), thank you again. I wonder,
however, is there is a way to force the use of IPv6 on a host (docker
container) with a dual stack.
The host where my REST auth service run is reachable through IPv6 and
IPv4 and has associated A and records. The usua
Thank you again, Heikki. The solution you proposed worked out great.
For the future readers, I ended doing this:
Debug
Identifier ssid-iotd
URL {{ injected }}
TLS_Protocols TLSv1.2
TLS_CAFile /etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
HTTP_AuthenticationScheme Basic
HTTP_Username radius
HTTP_
On 7.1.2022 18.08, Ullfig, Roberto Alfredo wrote:
Wait no that won't work. I assume Realm= is looking for everything after
the @ symbol so how about this?
>
Here's one more. Now it's clear that the whole User-Name is considered
and there's no reason to think realm as a separate thing:
#
Wait no that won't work. I assume Realm= is looking for everything after the @
symbol so how about this?
RewriteUsername s/^([^@]+).*/$1/
Dir /mnt/global/authinfo/campus_suspend
Dir /mnt/global/authinfo/campus_delete
So this is the full version - but I'm not sure on what follows Realm - I need
to remove the outer ()?:
...
UsernameMatchesWithoutRealm
DefaultDomain AD
...
DefaultResult REJECT
---
Roberto Ullfig - rull...@ui
On 7.1.2022 16.48, Ullfig, Roberto Alfredo wrote:
Why would we need to do any rejections in TunnelledByPEAP=1? We have
this in there:
EAPType MSCHAP-V2
EAP_PEAP_MSCHAP_Convert 1
So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One t
Why would we need to do any rejections in TunnelledByPEAP=1? We have this in
there:
EAPType MSCHAP-V2
EAP_PEAP_MSCHAP_Convert 1
So we need two Handler ConvertedFromEAPMSCHAPV2=1 then. One to handle uic.edu
and empty realms (with a very fancy reg
On 6.1.2022 17.37, Ullfig, Roberto Alfredo wrote:
We are now using UsernameMatchesWithoutRealm whereas before we required
the domain not be included.
...
UsernameMatchesWithoutRealm
DefaultDomain AD
But I believe this will strip remote do
On 6.1.2022 14.31, Sagar Malam wrote:
Thanks for the help. I tried the approach with authby OTP that you
suggested but once Authby LDAP2 is processed , Authby OTP is not getting
executed instead Access-Accept is sent to client.
Thanks for the log and config. It seems I made a typo in my prev
10 matches
Mail list logo