(RADIATOR) Authby failover

Hugh Irvine hugh at open.com.au
Wed Mar 24 18:10:25 CST 2004 

Hello James -

You will need to use an AuthBy GROUP around the second AuthBy SQL with 
a RewriteUsername to change the realm suffix.

	AuthByPolicy ContinueUntilAccept

	<AuthBy SQL>
		.....
	</AuthBy>

	<AuthBy GROUP>
		RewriteUsername ....
		<AuthBy SQL>
			.....
		</AuthBy>
	</AuthBy>


Hope that helps.

regards

Hugh	



On 25 Mar 2004, at 11:04, James Nelson wrote:

> Here's how are Authby is setup now:
>
>    <AuthBy SQL>
>
>        DBSource     dbi:mysql:xxxxxx
>        DBUsername     xxxxxx
>        DBAuth         xxxxxx
>
>        AuthSelect select CONCAT('{MD5}',Password) from Customers where 
> UserName=%0 AND Termed = 0
>
>    </AuthBy>
>
> The users will be stored as user(at)realm.net in a mysql database.  
> The radius requests will be received as user(at)realm.net.  The 
> problem comes in that some (but not all) of the users will be using 
> the wrong realm, and still others will (correctly) use either of the 
> two realms to authenticate.
>
> ::James Nelson
>
>
> Hugh Irvine wrote:
>
>>
>> Hello James -
>>
>> How are you doing the authentication? And how are the usernames 
>> stored?
>>
>> regards
>>
>> Hugh
>>
>>
>> On 25 Mar 2004, at 10:10, James Nelson wrote:
>>
>>> This is a little unusual and is not real good design (one reason I 
>>> tell people around here they need to plan things a little farther 
>>> ahead than they do), but I am stuck with a situation where we may 
>>> need to authenticate some of our users against 2 different realms 
>>> and send an accept if either one match.  Example:
>>>
>>> User sends "user(at)realm1.net"
>>> Radiator tries to auth this and fails with bad username or password, 
>>> so attempts to auth "user(at)realm2.net" and suceeds.  Radiator then 
>>> sends an "Access-Accept" response.
>>>
>>> Is this even possible?  If so, care to lend me some guidance?
>>>
>>> Thanks,
>>> ::James Nelson
>>>
>>> -- 
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list