(RADIATOR) Groups, RewriteUsername and preserving the original request
hugh at open.com.au
Tue Apr 10 16:43:41 CDT 2007
Hello Bjoern -
What you describe below is expected and is how Radiator is designed.
Radiator processes RADIUS requests in a linear sequential manner, and
when a RewriteUsername is applied it remains.
BTW - the original username is preserved in the request as well as
the rewritten username. You can access the various parts of the
username with the special characters as defined in section 5.2 in the
Radiator 3.17 reference manual ("doc/ref.html").
If you want to keep the original username intact, you can use a hook
to add an attribute to the request which contains whatever version of
the username you require.
On 10 Apr 2007, at 18:15, Bjoern A. Zeeb wrote:
> while simplifying a config we found something that seems to be
> in Radiator by design but is not necessarily logical.
> Assuming one has a config like (just as an example):
> <AuthBy GROUP>
> RewriteUsername tr/A-Z/a-z/
> <AuthBy ..>
> <AuthBy ..>
> <AuthBy RADIUS>
> The result of the RewriteUsername inside the <AuthBy GROUP> will still
> be visible in the <AuthBy RADIUS> outside the <AuthBy GROUP>.
> If one wants to have such a behavior one would put the RewriteUsername
> inside the handler and not at that place inside the <AuthBy GROUP>.
> As said that seems to be "by design" but it might be a good idea to
> change that with a major release maybe along with entirely preserving
> the "original request" as received? (I understand that a lot of
> configs will break with the former being changed)
> Bjoern A. Zeeb
> Dipl. Ing. (BA) Bjoern A. Zeeb Research & Development
> CK Software GmbH http://www.cksoft.de/
> Schwarzwaldstr. 31 Phone: +49 7452 889 135
> D-71131 Jettingen Fax: +49 7452 889 136
> HRB245288, Amtsgericht Stuttgart Geschaeftsfuehrer:
> Christian Kratzer
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
CATool: Private Certificate Authority for Unix and Unix-like systems.
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator