(RADIATOR) Authby failover
Hugh Irvine
hugh at open.com.au
Wed Mar 24 18:10:25 CST 2004
Hello James -
You will need to use an AuthBy GROUP around the second AuthBy SQL with
a RewriteUsername to change the realm suffix.
AuthByPolicy ContinueUntilAccept
<AuthBy SQL>
.....
</AuthBy>
<AuthBy GROUP>
RewriteUsername ....
<AuthBy SQL>
.....
</AuthBy>
</AuthBy>
Hope that helps.
regards
Hugh
On 25 Mar 2004, at 11:04, James Nelson wrote:
> Here's how are Authby is setup now:
>
> <AuthBy SQL>
>
> DBSource dbi:mysql:xxxxxx
> DBUsername xxxxxx
> DBAuth xxxxxx
>
> AuthSelect select CONCAT('{MD5}',Password) from Customers where
> UserName=%0 AND Termed = 0
>
> </AuthBy>
>
> The users will be stored as user(at)realm.net in a mysql database.
> The radius requests will be received as user(at)realm.net. The
> problem comes in that some (but not all) of the users will be using
> the wrong realm, and still others will (correctly) use either of the
> two realms to authenticate.
>
> ::James Nelson
>
>
> Hugh Irvine wrote:
>
>>
>> Hello James -
>>
>> How are you doing the authentication? And how are the usernames
>> stored?
>>
>> regards
>>
>> Hugh
>>
>>
>> On 25 Mar 2004, at 10:10, James Nelson wrote:
>>
>>> This is a little unusual and is not real good design (one reason I
>>> tell people around here they need to plan things a little farther
>>> ahead than they do), but I am stuck with a situation where we may
>>> need to authenticate some of our users against 2 different realms
>>> and send an accept if either one match. Example:
>>>
>>> User sends "user(at)realm1.net"
>>> Radiator tries to auth this and fails with bad username or password,
>>> so attempts to auth "user(at)realm2.net" and suceeds. Radiator then
>>> sends an "Access-Accept" response.
>>>
>>> Is this even possible? If so, care to lend me some guidance?
>>>
>>> Thanks,
>>> ::James Nelson
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list