Is it possible to get Radiator to authenticate based on username only, even
if the username is rewritten to include the realm? (it is required that we
rewrite to include the realm as our radius supports over 8 different
"providers" and we need to be able to account for them all based on
username@realm, we also use Called-Station-Id to map to some realms)
All other realms are working fine as they authenticate from a custom built
authentication module which looks after this, however the below needs to be
authenticated in the following manner.
I need to be able to authenticate based on the username portion only (for
the AuthUNIX/FILE), but to use the rewritten realm for accounting and
session database entries.
Ideas? What am I missing?
If I add RewriteUsername s/^([^@]+).*/$1/ immediately after the <Authby
GROUP>, then authentication works. UsernameMatchesWithoutRealm doesn't
seem to work.
I've also tried writing seperate handlers for Authentication and
Accounting, but the problem then arises, that I can't manage the session
database (SQL) correctly with the realms.
<Handler Realm=SOUTHWEST.COM.AU>
RewriteUsername tr/A-Za-z0-9_@\.-//cd
RewriteUsername s/^([^@]+).*/$1/
RewriteUsername s/^(.*)/$1\@southwest.com.au/
RewriteUsername s/^([^@]+)(.*)/lc($1).uc($2)/e
<AuthBy GROUP>
UsernameMatchesWithoutRealm
AuthByPolicy ContinueWhileAccept
<AuthBy FILE>
UsernameMatchesWithoutRealm
Filename %D/users
RejectEmptyPassword
</AuthBy>
<AuthBy UNIX>
UsernameMatchesWithoutRealm
Identifier Unix
Filename /etc/passwd
GroupFilename /etc/group
RejectEmptyPassword
</AuthBy>
</AuthBy>
PostAuthHook file:"/etc/radiusd/radius.call"
AcctLogFileName /var/adm/radacct/%C/detail
AccountingHandled
</Handler>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
