(RADIATOR) Authenticating against multiple NT & 2000 domains

brad.cook at tq.com.au brad.cook at tq.com.au
Tue Jan 29 23:54:32 CST 2002


Hello Mr Radiator,

A further question, if I may ... :-)

Given the response below, what if I want the best of both worlds?

We have an NT4 domain that requires the traditional MS form of
domain\username, but the 2000 domain is fine for username at tq.com.au.

Will Radiator be able to handle this in the multi-realm config noted in the
original response below?

Regards,

Brad Cook
Senior Network Engineer
Tourism Queensland
Level 10 Tourism Qld House
30 Makerston St
Brisbane, Australia   4000

Ph:     +61 7 3535 5504
Fax:    +61 7 3535 5246
mailto:Brad.Cook at tq.com.au
web : http://www.tq.com.au


>>  Hello,
>>
>>  I'm in the process of setting up my eval copy of Radiator 2.19 to
>>  authenticate users dialing into my NT domain via an Ascend NAS.
>>
>>  No issue with the single NT4 domain, hopefully, but what if I want to be
>>  able to deal with users who might specify either that NT4 or our other
>>  native Win2000 domain in their login settings?
>>
>>  Our aim is that the user will specify the username+domain they require in
>>  their dialin profile settings (as per LAN login), have the NAS pass the
>>  relevant details to the RADIUS server and have it deal with polling the
>>  requisite domain controller / AD server.
>>
>>  Can I expect to have issues, or do you have a recommended way of dealing
>>  with dialin users hitting a single NAS to gain access to either one of two
>>  domains?
>>
>>  This is a common situation.
>>  You would usually deal with this in your Radiator configuration by
>>  creating 3 realm clauses. One that handles username at domain1, one for
>>  username at domain2, and one to handle just username. Something like this:
>
> ....
> <Realm domain1.tq.com.au>
>    # strip the realm
>    RewriteUsername     s/^([^@]+).*/$1/
>    <AuthBy NT>
>         Domain domain1
>         ....
>    </AuthBy>
> </Realm>
> <Realm domain2.tq.com.au>
>    # strip the realm
>    RewriteUsername     s/^([^@]+).*/$1/
>    <AuthBy NT>
>         Domain domain2
>         ....
>    </AuthBy>
> </Realm>
>
> # If they don't have a realm, auth from domain1
> <Realm DEFAULT>
>    # strip the realm
>    RewriteUsername     s/^([^@]+).*/$1/
>    <AuthBy NT>
>         Domain domain1
>         ....
>    </AuthBy>
> </Realm>
>
>
> With only a little more effort, your users can use the domain\username form
> instead of username at domain, but this may be incompatible with global
> roaming or other plans you might have.


===
Archive at http://www.open.com.au/archives/radiator/