[RADIATOR] evaluating radiator: mixing backends in 1 handler + multiple realms
Hugh Irvine
hugh at open.com.au
Fri Apr 23 06:00:57 CDT 2010
Hello Ronald -
First question:
<Handler Request-Type = Access-Request, Realm = /domain1.com|domain2.com|domain3.com/i>
.....
</Handler>
second question:
<AuthBy GROUP>
Identifier Auth_AD_SQL
AuthByPolicy ContinueWhileAccept
<AuthBy NTLM>
Identifier Auth_AD
NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
DefaultDomain CONTOSO.LOCAL
UsernameMatchesWithoutRealm
</AuthBy>
<AuthBy SQL>
.....
</AuthBy>
</AuthBy>
hope that helps
regards
Hugh
On 23 Apr 2010, at 19:37, ronald higgins wrote:
> Greetings fellow radiator users,
>
> I'm hoping the veterans amongst might be able to assist with 2 queries
> regarding radiator.
>
> First question is relatively simple.
>
> Can I match mutiple realms within a handler instead of having a
> handler per realm like below?
>
> <Handler Request-Type=Access-Request,Realm=/domain1.com/i>
> .....
> </Handler>
>
> <Handler Request-Type=Access-Request,Realm=/domain2.com/i>
> .....
> </Handler>
>
> <Handler Request-Type=Access-Request,Realm=/domain3.com/i>
> .....
> </Handler>
>
> Second question is of more importance for me though.
>
> One of the requirements for one of the realms is authenticating off
> Active Directory,
> this portion is working fine using NTLM. However, my requirement is
> that the Authentication
> portion happens out of Active Directory but the reply attributes be
> served out of MySQL.
> As such, the users in Active Directory are also in a MySQL DB where
> the actual profile lives.
> Is there a mechanic to perform a mysql reply attribute lookup after
> the ntlm_auth?
>
> <AuthBy NTLM>
>
> Identifier Auth_AD
>
> NtlmAuthProg /usr/bin/ntlm_auth --helper-protocol=ntlm-server-1
> DefaultDomain CONTOSO.LOCAL
> UsernameMatchesWithoutRealm
>
> </AuthBy>
>
> Best Regards
>
> Ronald Higgins
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list