[RADIATOR] evaluating radiator: mixing backends in 1 handler + multiple realms

ronald higgins ronald.higgins at gmail.com
Fri Apr 23 04:37:19 CDT 2010


Greetings fellow radiator users,

I'm hoping the veterans amongst might be able to assist with 2 queries
regarding radiator.

First question is relatively simple.

Can I match mutiple realms within a handler instead of having a
handler per realm like below?

<Handler Request-Type=Access-Request,Realm=/domain1.com/i>
.....
</Handler>

<Handler Request-Type=Access-Request,Realm=/domain2.com/i>
.....
</Handler>

<Handler Request-Type=Access-Request,Realm=/domain3.com/i>
.....
</Handler>

Second question is of more importance for me though.

One of the requirements for one of the realms is authenticating off
Active Directory,
this portion is working fine using NTLM. However, my requirement is
that the Authentication
portion happens out of Active Directory but the reply attributes be
served out of MySQL.
As such, the users in Active Directory are also in a MySQL DB where
the actual profile lives.
Is there a mechanic to perform a mysql reply attribute lookup after
the ntlm_auth?

<AuthBy NTLM>

        Identifier Auth_AD

                NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
                DefaultDomain CONTOSO.LOCAL
                UsernameMatchesWithoutRealm

</AuthBy>

Best Regards

Ronald Higgins


More information about the radiator mailing list