Hello Mr Radiator, A further question, if I may ... :-)
Given the response below, what if I want the best of both worlds ? We have an NT4 domain that requires the traditional MS form of domain\username, but the 2000 domain is fine for [EMAIL PROTECTED] Will Radiator be able to handle this in the multi-realm config noted in the original response below ? Regards, Brad Cook Senior Network Engineer Tourism Queensland Level 10 Tourism Qld House 30 Makerston St Brisbane, Australia�� 4000 Ph:���� +61 7 3535 5504 Fax:��� +61 7 3535 5246 mailto:[EMAIL PROTECTED] web : http://www.tq.com.au >> Hello, >> >> I'm in the process of setting up my eval copy of Radiator 2.19 to >> authenticate users dialing into my NT domain via an Ascend NAS. >> >> No issue with the single NT4 domain , hopefully , but what if I want to be >> able to deal with users who might specify either that NT4 or our other >> native Win2000 domain in their login settings ? >> >> Our aim is that the user will specify the username+domain they require in >> their dialin profile settings (as per LAN login) , have the NAS pass the >> relevant details to the RADIUS server and have it deal with polling the >> requisite domain controller/ AD server. >> >> Can I expect to have issues, or do you have a recommended way of dealing >> with dialin users hitting a single NAS to gain access either one of two >> domains ? >> >> This is a common situation. >> You would usually deal withthis in your Radaitor configuration by creating 3 >> realm clauses. One that handles username@domain1, one for username@domain2, >> and one to handle just username. Somthing like this: > > .... > <Realm domain1.tq.com.au> > # strip the realm > RewriteUsername s/^([^@]+).*/$1/ > <AuthBy NT> > Domain domain1 > .... > </AuthBy> > </Realm> > <Realm domain2.tq.com.au> > # strip the realm > RewriteUsername s/^([^@]+).*/$1/ > <AuthBy NT> > Domain domain2 > .... > </AuthBy> > </Realm> > > # If they dont have a realm, auth from domain1 > <Realm DEFAULT> > # strip the realm > RewriteUsername s/^([^@]+).*/$1/ > <AuthBy NT> > Domain domain1 > .... > </AuthBy> > </Realm> > > > with only a little more effort, you users can use the domain\username form > instead of username@domain, but this may be incompatible with global roaming > or other plans you might have. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
