(RADIATOR) AuthUNIX/FILE Authentication and realms.

Paul Rolfe paul.rolfe at team.eftel.com
Wed Sep 12 22:42:13 CDT 2001 

Is it possible to get Radiator to authenticate based on username only, even 
if the username is rewritten to include the realm?  (it is required that we 
rewrite to include the realm as our radius supports over 8 different 
"providers" and we need to be able to account for them all based on 
username at realm, we also use Called-Station-Id to map to some realms)

All other realms are working fine as they authenticate from a custom built 
authentication module which looks after this, however the below needs to be 
authenticated in the following manner.

I need to be able to authenticate based on the username portion only (for 
the AuthUNIX/FILE), but to use the rewritten realm for accounting and 
session database entries.

Ideas? What am I missing?


If I add RewriteUsername s/^([^@]+).*/$1/ immediately after the <Authby 
GROUP>, then authentication works.  UsernameMatchesWithoutRealm doesn't 
seem to work.

I've also tried writing seperate handlers for Authentication and 
Accounting, but the problem then arises, that I can't manage the session 
database (SQL) correctly with the realms.


<Handler Realm=SOUTHWEST.COM.AU>
         RewriteUsername tr/A-Za-z0-9_@\.-//cd
         RewriteUsername s/^([^@]+).*/$1/
         RewriteUsername s/^(.*)/$1\@southwest.com.au/
         RewriteUsername s/^([^@]+)(.*)/lc($1).uc($2)/e
         <AuthBy GROUP>
                 UsernameMatchesWithoutRealm
                 AuthByPolicy ContinueWhileAccept
                 <AuthBy FILE>
                         UsernameMatchesWithoutRealm
                         Filename %D/users
                         RejectEmptyPassword
                 </AuthBy>
                 <AuthBy UNIX>
                         UsernameMatchesWithoutRealm
                         Identifier Unix
                         Filename /etc/passwd
                         GroupFilename /etc/group
                         RejectEmptyPassword
                 </AuthBy>
         </AuthBy>
         PostAuthHook file:"/etc/radiusd/radius.call"
         AcctLogFileName /var/adm/radacct/%C/detail
         AccountingHandled
</Handler>



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list