(RADIATOR) <Handler> - question...

Hugh Irvine hugh at open.com.au
Wed Jun 21 21:40:01 CDT 2006


Hello Martin -

You should set up a test environment so you can try these things for  
yourself to see what happens.

<Handler Realm = //>

will match any username with or without a realm suffix

<Handler User-Name = /\@/>

will match any username with a realm suffix

<Handler Realm =>

will match any username without a suffix

hope that helps

regards

Hugh


On 22 Jun 2006, at 01:25, Martin Wallner wrote:

> Hi All,
>
> It looks I've been a bit stuck here...
>
> Q: Is it possible, to prepare a Handler that matches for example  
> for a Called-Station-ID and a 'no realm' username?
>
> Like:
>
> <Handler Called-Station-Id = csib|csia,Realm=//>
>    handling stuff
> </Handler>
>
> <Handler Realm=/^myrealm$/i>
>    handling stuff of the same CSI's, but with realm on another  
> Authentication sheme...
> </Handler>
>
>
> which - IMHO - should match for
>
> CSI = (csia OR csib) AND Realm = ''
>
> so that I can fiddle around with calls coming in with the same two  
> CSI's, but WITH a realm in later handlers?
>
> I have multiple CSI's on one Tunnel, coming from different  
> corporations we merged in, and that would be the only way to allow  
> the 'plain' (no realm) usernames and authenticate it against one  
> LDAP-Tree that some of the customers are used to, and work (on  
> another LDAP-Tree) for the users with realms....
>
> If this is not possible, it would probably come in handy sometimes  
> to have a possibility to be able distinctivly negate, like
> <Handler Check1 = blah, Check2 != /.*/> .... :-)
>
>
> regards
> Martin Wallner (=mw=)
>
> -----
> Eunet Telekom GmbH			
> (Member of eTel-Group) 			e-mail 'martin.wallner at eunet.co.at
>
> vorm. Nextra Österreich			e-mail 'martin.wallner at nextranet.at'
> vorm. ViP EDV-Dienstleistungs GesmbH	e-mail 'hostmaster at vip.at'
> vorm. Gramtel Austria GmbH.		e-mail 'hostmaster at gramtel.at'
> Systems					RIPE:     WM355-RIPE
> Nussdorfer Lände 23			NicAT:    WM503823-NICAT
> 1190 Wien, Vienna, Austria		Tel. +43 (0) 59 1 59 - 1354
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list