Hi Heikki, 

Thanks for the response. 
We are currently still at the evaluation stage and have the trial version 
installed. I cannot see the source code of Radiator, but I'm interested in 
doing some hacking. 

Just a few more questions:
- How does Radiator know the location of ntlm_auth? Is it using the standard Linux 
path?
- Is it possible to specify the ntlm_auth location so it doesn't use the standard 
one?

Regards,
Rianto 


-----Original Message-----
From: Heikki Vatiainen [mailto:[email protected]] 
Sent: Friday, 18 February 2011 7:47 AM
To: Rianto Wahyudi
Cc: [email protected]
Subject: Re: [RADIATOR] UserName Rewrite Function

On 02/17/2011 02:44 AM, Rianto Wahyudi wrote:

> We have a MySQL database containing email aliases which map to Active Directory 
> users. 
> I.e.: [email protected] mapped to [email protected]
> 
> 
> I would like to utilize this database so users can log in with their email 
> address or their AD username. 
> Is it possible to pass UserNameRewrite to a function or another Perl script?

RewriteUserName expects its argument to be something that the Perl binding
operator can use: http://perldoc.perl.org/perlop.html#Binding-Operators

To me it looks like you cannot use a function to map the email
addresses to AD usernames.

> All authentication is done via NTLM, and I believe Radiator uses the ntlm_auth 
> program.
> Is it possible to create a wrapper for the ntlm_auth script?

This is an interesting idea. Ntlm_auth is launched with the open2() function:
http://perldoc.perl.org/IPC/Open2.html

Parameters are written with print() to $chld_out and read with
readline() from $child_in. A single dot signals the end of input or
output, as documented by the ntlm_auth man page.

So the communication is quite simple, and if you decide to give this a
try, it would be interesting to hear about the results.

> Here is my handler setup : 
> 
> # STUDENTS DOMAIN TTLS
> <Handler Client-Identifier=Eduroam-Server, TunnelledByTTLS=1,Realm=/students.*/i>
>     RewriteUsername s/^\@.*//
>     <AuthBy NTLM>
>         EAPType MSCHAP-V2
>         Domain STUDENTS
>         UsernameMatchesWithoutRealm
>     </AuthBy>
> </Handler>

-- 
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
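
The wrapper idea discussed in this thread, sketched as an added example (not part of the original messages and not Radiator's code): a filter that sits in front of the real ntlm_auth, reads each dot-terminated request, maps an email alias to the AD username, and relays the helper's dot-terminated reply. Assumptions: the `Username` parameter and its `::` base64 form follow the ntlm-server-1 helper protocol in the ntlm_auth man page, `REAL_HELPER` is a guessed install path, and `ALIASES` is a constructed stand-in for the MySQL lookup.

```python
import base64
import subprocess
import sys

REAL_HELPER = "/usr/bin/ntlm_auth"  # assumed install path; adjust locally
# Constructed alias table standing in for the MySQL lookup.
ALIASES = {"jane.doe@example.edu": "jdoe01"}

def read_block(stream):
    """Return the lines of one message, up to the lone '.' terminator."""
    block = []
    for line in stream:
        line = line.rstrip("\r\n")
        if line == ".":
            return block
        block.append(line)
    return None  # EOF before the terminator: no complete message

def rewrite_block(block, aliases):
    """Map an alias in the Username parameter; pass everything else through."""
    out = []
    for line in block:
        key, sep, value = line.partition(":")
        if sep and key == "Username":
            is_b64 = value.startswith(":")  # 'Username:: <base64>' form
            raw = value[1:].strip() if is_b64 else value.strip()
            name = base64.b64decode(raw).decode("utf-8") if is_b64 else raw
            name = aliases.get(name.lower(), name)
            if any(ord(c) < 0x20 for c in name):
                raise ValueError("control character in username")
            raw = base64.b64encode(name.encode()).decode() if is_b64 else name
            line = "Username:" + (": " if is_b64 else " ") + raw
        out.append(line)
    return out + ["."]

def main():  # the caller's command-line arguments are forwarded unchanged
    child = subprocess.Popen([REAL_HELPER] + sys.argv[1:], text=True,
                             stdin=subprocess.PIPE, stdout=subprocess.PIPE)
    while (request := read_block(sys.stdin)) is not None:
        child.stdin.write("\n".join(rewrite_block(request, ALIASES)) + "\n")
        child.stdin.flush()
        reply = read_block(child.stdout)
        if reply is None:
            break  # helper exited; stop rather than invent an answer
        sys.stdout.write("\n".join(reply + ["."]) + "\n")
        sys.stdout.flush()

if __name__ == "__main__":
    main()
```

The wrapper never logs request lines, since they carry the challenge and response values, and it exits on a malformed username instead of passing it to the helper.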