(RADIATOR) Having "UsernameMatchesWithoutRealm" works in DIGIPASS authentication

Hugh Irvine hugh at open.com.au
Thu Mar 1 17:16:41 CST 2007


Hi Jerome -

How is life at SNCF?

I'll talk to Mike about your patch (for which many thanks).

Rather than use DefaultRealm for this, I generally use an Identifier  
in the Client clauses and then Handlers based on the Identifiers.

Something like this:

.....

# define Client clauses with Identifiers

<Client 1.1.1.1>
	Identifier SomeUsefulTag
	.....
</Client>

<Client 2.2.2.2>
	Identifier SomeUsefulTag
	......
</Client>

.......

<Client m.m.m.m>
	Identifier AnotherTag
	.......
</Client>

<Client n.n.n.n>
	Identifier AnotherTag
	.....
</Client>

......

# define Handlers using Client-Identifiers

<Handler Client-Identifier = SomeUsefulTag>
	......
</Handler>

<Handler Client-Identifier = AnotherTag>
	.....
</Handler>

.....

I hope this helps.

If you have any other questions, don't hesitate to contact me.

Regards

Hughes (who lived in France for a long time ....)



On 2 Mar 2007, at 03:13, SCHELL Jérôme (Ext ASTEK) wrote:

> Hello,
>
> We are in the process of evaluating Radiator for our authentication  
> service.
> We are using VASCO DIGIPASS and a global LDAP directory.
> I am currently using the default realm functionality of Radiator  
> at the NAS level to decide on the authentication method for the user.
> Nevertheless I don't want DIGIPASS lookups in the LDAP directory to  
> include the realm (the @realm part), so I specify the  
> "UsernameMatchesWithoutRealm" parameter in my AuthBy section.
> Unfortunately this doesn't work. The lookup for the LDAPDIGIPASS  
> module is using the username at realm form.
>
> After looking at the code (thanks Perl :) ) I made some  
> modifications that seem to solve the problem. You will find  
> attached the patch on Radius/AuthDIGIPASSGeneric.pm.
> I don't know if this modification affects other parts of the product.
>
> Does anybody know if there is another way of doing the realm strip  
> from the username for LDAPDIGIPASS authentication?
>
> Best regards,
> -- 
> Jérôme Schell
> SNCF - DSIT XIF/IN
> <AuthDIGIPASSGeneric.pm.diff>



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
