Hi Ian.
On May 13, 5:08pm, Ian Quorn wrote:
> Subject: (RADIATOR) Selective realm stripping
>
> In order to keep our users straight, we need to know the realm
> associated with each username. However, when I set Radiator to strip the
> realm via RewriteUsername, the usernames appear in the accounting files
> without the realms. We could fix this for our local realms by have
> "user@realm" in our users files instead of just "user" and removing the
> RewriteUsername clause, but that doesn't help when we're proxying auth
> requests to one of our customer's radius servers (which we have no control
> over, and some of them simply do not understand realms). I need a way to
> pass "user" to the authenticator (external radius server, local file, etc)
> while using "user@realm" for everything else (accounting records, session
> database, etc). Ideally this could be done by specifying an appropriate
> keyword in a <Realm> or <AuthBy> clause, but I'm open to other options.
>
> So, has anyone done anything like this before? If not, any ideas on the
> best way to accomplish this? Maybe a PreHandlerHook would be the best way
> to go. If not, I may have to modify the source code to store the username
> before the RewriteUsername and use it in the appropriate places. Any
> comments/advice/ideas welcome.
So you want to strip the realm from the username in proxied requests, but leave
the realm on everywhere else, including in the accounting log files?
Try putting this in your AuthBy RADIUS:
StripFromRequest User-Name
AddToRequest User-Name=%U
Hope that helps.
Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
