(RADIATOR) Authenticating against multiple NT & 2000 domains

Hugh Irvine hugh at open.com.au
Wed Jan 30 19:25:06 CST 2002


Hello Brad -

Yes, you can use multiple RewriteUsernames to do whatever is required.

regards

Hugh


On Wed, 30 Jan 2002 16:54, brad.cook at tq.com.au wrote:
> Hello Mr Radiator,
>
> A further question, if I may ... :-)
>
> Given the response below, what if I want the best of both worlds ?
>
> We have an NT4 domain that requires the traditional MS form of
> domain\username, but the 2000 domain is fine for username@tq.com.au
>
> Will Radiator be able to handle this in the multi-realm config noted in the
> original response below ?
>
> Regards,
>
> Brad Cook
> Senior Network Engineer
> Tourism Queensland
> Level 10 Tourism Qld House
> 30 Makerston St
> Brisbane, Australia   4000
>
> Ph:     +61 7 3535 5504
> Fax:    +61 7 3535 5246
> mailto:Brad.Cook at tq.com.au
> web : http://www.tq.com.au
>
> >>  Hello,
> >>
> >>  I'm in the process of setting up my eval copy of Radiator 2.19 to
> >>  authenticate users dialing into my NT domain via an Ascend NAS.
> >>
> >>  No issue with the single NT4 domain, hopefully, but what if I want to be
> >>  able to deal with users who might specify either that NT4 or our other
> >>  native Win2000 domain in their login settings ?
> >>
> >>  Our aim is that the user will specify the username+domain they require in
> >>  their dialin profile settings (as per LAN login), have the NAS pass the
> >>  relevant details to the RADIUS server and have it deal with polling the
> >>  requisite domain controller/ AD server.
> >>
> >>  Can I expect to have issues, or do you have a recommended way of dealing
> >>  with dialin users hitting a single NAS to gain access to either one of two
> >>  domains ?
> >>
> >>  This is a common situation.
> >>  You would usually deal with this in your Radiator configuration by creating 3
> >>  realm clauses. One that handles username@domain1, one for username@domain2,
> >>  and one to handle just username. Something like this:
> >
> > ....
> > <Realm domain1.tq.com.au>
> >    # strip the realm
> >    RewriteUsername     s/^([^@]+).*/$1/
> >    <AuthBy NT>
> >         Domain domain1
> >         ....
> >    </AuthBy>
> > </Realm>
> > <Realm domain2.tq.com.au>
> >    # strip the realm
> >    RewriteUsername     s/^([^@]+).*/$1/
> >    <AuthBy NT>
> >         Domain domain2
> >         ....
> >    </AuthBy>
> > </Realm>
> >
> > # If they don't have a realm, auth from domain1
> > <Realm DEFAULT>
> >    # strip the realm
> >    RewriteUsername     s/^([^@]+).*/$1/
> >    <AuthBy NT>
> >         Domain domain1
> >         ....
> >    </AuthBy>
> > </Realm>
> >
> >
> > With only a little more effort, your users can use the domain\username form
> > instead of username@domain, but this may be incompatible with global roaming
> > or other plans you might have.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
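
A Python model of the username routing discussed in this thread, added here as an example and not taken from the post or from Radiator itself: it chains a hypothetical first-stage rewrite (`domain\username` to `username@domain.tq.com.au`) ahead of the realm-stripping rule from the quoted config. It assumes the realm is the text after `@` and that `DEFAULT` takes every request no named realm matches.

```python
import re

# Realm clause -> NT domain passed to AuthBy NT (taken from the quoted config).
REALMS = {
    "domain1.tq.com.au": "domain1",
    "domain2.tq.com.au": "domain2",
    "DEFAULT": "domain1",
}

# Per-realm rule from the quoted config: s/^([^@]+).*/$1/
STRIP_REALM = (re.compile(r"^([^@]+).*"), r"\1")

# Hypothetical first-stage rule, not from the thread:
#   s/^([^\\]+)\\(.+)$/$2\@$1.tq.com.au/
BACKSLASH_TO_AT = (re.compile(r"^([^\\]+)\\(.+)$"), r"\2@\1.tq.com.au")


def rewrite(name, rules):
    """Apply each substitution in order, as a chain of rewrite rules would."""
    for pattern, repl in rules:
        name = pattern.sub(repl, name, count=1)
    return name


def route(user_name, pre_rules=(BACKSLASH_TO_AT,)):
    """Return (realm clause, NT domain queried, username handed to it)."""
    name = rewrite(user_name, pre_rules)
    realm = name.partition("@")[2]
    # Assumption: DEFAULT takes every request no named realm matches.
    clause = realm if realm in REALMS else "DEFAULT"
    return clause, REALMS[clause], rewrite(name, [STRIP_REALM])


if __name__ == "__main__":
    # Constructed sample logins.
    for login in ("brad@domain2.tq.com.au", r"domain1\brad", "brad"):
        print(login, "->", route(login))
    # Without the first-stage rule the NT4 form reaches domain1 unchanged.
    print(route(r"domain2\brad", pre_rules=()))
```

The last call shows why the extra rewrite matters: with only the per-realm rule, a `domain2\brad` login has no `@`, lands in `DEFAULT`, and is checked against domain1 with the prefix still attached.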