[RADIATOR] UserName Rewrite Function

Heikki Vatiainen hvn at open.com.au
Thu Feb 17 14:46:34 CST 2011


On 02/17/2011 02:44 AM, Rianto Wahyudi wrote:

> We have MySQL database containing email alias which map into Active Directory user. 
> Ie : rianto.wahyudi at latrobe.edu.au mapped to rwahyudi at ltu.edu.au
> 
> 
> I would like to utilize this database so user can login with their email address or their AD username. 
> Is it possible to pass UserNameRewrite to a function or another perl script ? 

RewriteUserName expects its argument to be something that Perl binding
operator can use: http://perldoc.perl.org/perlop.html#Binding-Operators

For me it looks like you can not use a function to map the email
addresses to AD usernames.

> All authentication are done via NTLM, and I believe radiator use ntlm_auth program.
> Is it possible to create a wrapper for ntlm_auth script ? 

This is an interesting idea. Ntlm_auth is launched with the open2() function
http://perldoc.perl.org/IPC/Open2.html

Parameters are written with print() to $chld_out and read with
readline() from $child_in. A single dot signals the end of input or
output as documented by ntlm_auth man page.

So the communication is quite simple and if you decide to give this a
try, it would be interesting to hear about the results.

> Here is my handler setup : 
> 
> # STUDENTS DOMAIN TTLS
> <Handler Client-Identifier=Eduroam-Server, TunnelledByTTLS=1,Realm=/students.*/i>
>     RewriteUsername s/^\@.*//
>     <AuthBy NTLM>
>         EAPType MSCHAP-V2
>         Domain STUDENTS
>         UsernameMatchesWithoutRealm
>     </AuthBy>
> </Handler>

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
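
A minimal version of the wrapper idea discussed in this message, added here as an example; it is not code from the thread or from Radiator, and it is written in Python rather than Perl. It assumes the real helper lives at `/usr/bin/ntlm_auth`, that requests carry the user as a `Username: name` or `Username:: base64` line, and it uses a constructed `ALIASES` dictionary in place of the MySQL alias table.

```python
import base64
import sys
from subprocess import PIPE, Popen

REAL_NTLM_AUTH = "/usr/bin/ntlm_auth"  # assumed path of the real helper
# Constructed stand-in for the MySQL alias table described in the thread.
ALIASES = {"alice.example@mail.example.edu": "aexample"}

def map_user(name, aliases):
    """Return the AD username for a known alias, else the name unchanged."""
    mapped = aliases.get(name.lower(), name)
    # A line break in a mapped value would inject extra request lines.
    if any(ord(c) < 0x20 for c in mapped):
        raise ValueError("control character in username")
    return mapped

def rewrite_request(lines, aliases):
    """Rewrite the Username line of one request (the lines before the dot)."""
    out = []
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and key.lower() == "username":
            if value.startswith(":"):  # 'Username:: <base64>' form
                name = base64.b64decode(value[1:]).decode("utf-8")
                mapped = map_user(name, aliases).encode("utf-8")
                line = f"{key}:: {base64.b64encode(mapped).decode('ascii')}"
            else:  # 'Username: <plain text>' form
                line = f"{key}: {map_user(value.strip(), aliases)}"
        out.append(line)
    return out

def read_block(stream):
    """Read lines up to the terminating single dot; None at end of input."""
    lines = []
    for raw in stream:
        line = raw.rstrip("\r\n")
        if line == ".":
            return lines
        lines.append(line)
    return None

def main():
    child = Popen([REAL_NTLM_AUTH, *sys.argv[1:]], stdin=PIPE, stdout=PIPE, text=True)
    while (request := read_block(sys.stdin)) is not None:
        child.stdin.write("\n".join(rewrite_request(request, ALIASES) + ["."]) + "\n")
        child.stdin.flush()
        print("\n".join((read_block(child.stdout) or []) + ["."]), flush=True)

if __name__ == "__main__":
    main()
```

Names that are not in the alias table pass through unchanged, and a mapped value containing control characters stops the wrapper instead of being forwarded.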

