[RADIATOR] evaluating radiator: mixing backends in 1 handler + multiple realms

Hugh Irvine hugh at open.com.au
Fri Apr 23 06:00:57 CDT 2010


Hello Ronald -

First question:


<Handler Request-Type = Access-Request, Realm = /domain1.com|domain2.com|domain3.com/i>
	.....
</Handler>


Second question:


<AuthBy GROUP>
	Identifier Auth_AD_SQL
	AuthByPolicy ContinueWhileAccept

	<AuthBy NTLM>
		Identifier Auth_AD
		NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
		DefaultDomain CONTOSO.LOCAL
		UsernameMatchesWithoutRealm
	</AuthBy>

	<AuthBy SQL>
		.....
	</AuthBy>
</AuthBy>


hope that helps

regards

Hugh


On 23 Apr 2010, at 19:37, ronald higgins wrote:

> Greetings fellow radiator users,
> 
> I'm hoping the veterans amongst us might be able to assist with 2 queries
> regarding radiator.
> 
> First question is relatively simple.
> 
> Can I match multiple realms within a handler instead of having a
> handler per realm like below?
> 
> <Handler Request-Type=Access-Request,Realm=/domain1.com/i>
> .....
> </Handler>
> 
> <Handler Request-Type=Access-Request,Realm=/domain2.com/i>
> .....
> </Handler>
> 
> <Handler Request-Type=Access-Request,Realm=/domain3.com/i>
> .....
> </Handler>
> 
> Second question is of more importance for me though.
> 
> One of the requirements for one of the realms is authenticating off
> Active Directory,
> this portion is working fine using NTLM. However, my requirement is
> that the Authentication
> portion happens out of Active Directory but the reply attributes be
> served out of MySQL.
> As such, the users in Active Directory are also in a MySQL DB where
> the actual profile lives.
> Is there a mechanic to perform a mysql reply attribute lookup after
> the ntlm_auth?
> 
> <AuthBy NTLM>
>        Identifier Auth_AD
>        NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
>        DefaultDomain CONTOSO.LOCAL
>        UsernameMatchesWithoutRealm
> </AuthBy>
> 
> Best Regards
> 
> Ronald Higgins
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
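
An added example, not part of the original message and not Radiator code: a Python check of which realms the Realm pattern in the Handler above accepts, next to an anchored pattern with literal dots built from the same three realms. It assumes the Realm check item is applied as an unanchored Perl-style regular expression; the helper names and the test realms are constructed for illustration.

```python
import re

# Handler line as posted in the reply above.
HANDLER = "<Handler Request-Type = Access-Request, Realm = /domain1.com|domain2.com|domain3.com/i>"

INTENDED = ["domain1.com", "domain2.com", "domain3.com"]
# Constructed test realms: the intended ones plus near-misses.
CANDIDATES = INTENDED + ["DOMAIN2.COM", "mydomain1.com",
                         "domain3.com.example.net", "domain1xcom", "other.org"]

def realm_pattern(handler_line):
    """Extract the Realm=/regex/flags check item from a <Handler ...> line."""
    m = re.search(r"Realm\s*=\s*/(.*)/([a-z]*)\s*>", handler_line)
    if not m:
        raise ValueError("no Realm regex in handler line")
    flags = re.IGNORECASE if "i" in m.group(2) else 0
    return re.compile(m.group(1), flags)

def strict_realm_regex(realms):
    """Anchored pattern with escaped dots: accepts only the listed realms."""
    return "^(?:" + "|".join(re.escape(r) for r in realms) + ")$"

def strict_handler_line(realms):
    """Handler line in the same form as the posted one, with the strict pattern."""
    return "<Handler Request-Type = Access-Request, Realm = /%s/i>" % strict_realm_regex(realms)

def audit(pattern, intended, candidates):
    """Realms the pattern accepts that are not in the intended set."""
    wanted = {r.lower() for r in intended}
    return [c for c in candidates if pattern.search(c) and c.lower() not in wanted]

if __name__ == "__main__":
    print("posted pattern also accepts:",
          audit(realm_pattern(HANDLER), INTENDED, CANDIDATES))
    strict = strict_handler_line(INTENDED)
    print(strict)
    print("strict pattern also accepts:",
          audit(realm_pattern(strict), INTENDED, CANDIDATES))
```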




