[RADIATOR] UserName Rewrite Function

Rianto Wahyudi R.Wahyudi at latrobe.edu.au
Thu Feb 17 15:59:43 CST 2011


Hi Heikki, 

Thanks for the response. 
We are currently still in the evaluation stage and have the trial version installed. I cannot see the source code of Radiator, but I'm interested in doing some hacking.

Just a few more questions:
- How does Radiator know the location of ntlm_auth? Is it using the standard Linux path?
- Is it possible to specify the ntlm_auth location so it doesn't use the standard one?

Regards,
Rianto 


-----Original Message-----
From: Heikki Vatiainen [mailto:hvn at open.com.au] 
Sent: Friday, 18 February 2011 7:47 AM
To: Rianto Wahyudi
Cc: radiator at open.com.au
Subject: Re: [RADIATOR] UserName Rewrite Function

On 02/17/2011 02:44 AM, Rianto Wahyudi wrote:

> We have a MySQL database containing email aliases which map to Active Directory users.
> I.e.: rianto.wahyudi at latrobe.edu.au is mapped to rwahyudi at ltu.edu.au
> 
> 
> I would like to utilize this database so users can log in with their email address or their AD username.
> Is it possible to pass UserNameRewrite to a function or another Perl script?

RewriteUserName expects its argument to be something that the Perl binding
operator can use: http://perldoc.perl.org/perlop.html#Binding-Operators

For me it looks like you cannot use a function to map the email
addresses to AD usernames.

> All authentication is done via NTLM, and I believe Radiator uses the ntlm_auth program.
> Is it possible to create a wrapper script for ntlm_auth?

This is an interesting idea. Ntlm_auth is launched with the open2() function
http://perldoc.perl.org/IPC/Open2.html

Parameters are written with print() to $chld_out and read with
readline() from $child_in. A single dot signals the end of input or
output, as documented in the ntlm_auth man page.

So the communication is quite simple, and if you decide to give this a
try, it would be interesting to hear about the results.

> Here is my handler setup:
> 
> # STUDENTS DOMAIN TTLS
> <Handler Client-Identifier=Eduroam-Server, TunnelledByTTLS=1,Realm=/students.*/i>
>     RewriteUsername s/^\@.*//
>     <AuthBy NTLM>
>         EAPType MSCHAP-V2
>         Domain STUDENTS
>         UsernameMatchesWithoutRealm
>     </AuthBy>
> </Handler>

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
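The wrapper idea discussed above, as an added worked example (it is not part of the original thread and not Radiator's or Samba's own code): a stand-alone Python script that sits where Radiator expects ntlm_auth, reads each dot-terminated request, rewrites the account name and forwards the request to the real helper, returning the helper's dot-terminated answer unchanged. Assumptions: the "Key: value" request fields (Username:, NT-Domain:, LANMAN-Challenge:, NT-Response:, ...) follow the ntlm-server-1 helper protocol as I understand it from ntlm_auth(1), which this page does not spell out; ALIAS_MAP is a constructed stand-in for the MySQL alias table; /usr/bin/ntlm_auth is an assumed path.

```python
#!/usr/bin/env python3
"""Hypothetical ntlm_auth wrapper: maps e-mail aliases to AD account names.

Radiator (or anything else speaking the ntlm-server-1 helper protocol)
writes 'Key: value' lines terminated by a lone '.', and reads a reply
terminated the same way. This wrapper rewrites only the Username: field
and passes every other line, and the reply, through byte for byte.
"""
import subprocess
import sys

# Constructed stand-in for the MySQL table (alias -> AD sAMAccountName).
# In production, query the database here instead.
ALIAS_MAP = {
    "rianto.wahyudi@latrobe.edu.au": "rwahyudi",
    "jane.doe@latrobe.edu.au": "jdoe",
}

# Assumed location of the real helper; keep it absolute so a writable
# directory on PATH can never be used to substitute it.
REAL_NTLM_AUTH = "/usr/bin/ntlm_auth"


def resolve_alias(name, alias_map=ALIAS_MAP):
    """Map an e-mail alias to the AD account; plain AD names pass through."""
    key = name.strip().lower()
    return alias_map.get(key, name.strip())


def rewrite_request(lines, alias_map=ALIAS_MAP):
    """Rewrite one request (list of 'Key: value' lines, without the '.').

    Only Username: changes. The challenge and NT-Response were produced by
    the client over the original name, so they must be forwarded untouched;
    the rewritten name only changes which account's hash ntlm_auth looks up.
    """
    out = []
    for line in lines:
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "username":
            out.append(f"Username: {resolve_alias(value, alias_map)}")
        else:
            out.append(line)
    return out


def read_request(stream):
    """Collect lines from an iterable of text lines up to the lone '.'.

    Returns None if the peer closed the stream before sending a terminator.
    """
    lines = []
    for raw in stream:
        line = raw.rstrip("\r\n")
        if line == ".":
            return lines
        lines.append(line)
    return None


def main():
    # Forward whatever arguments Radiator passed (e.g. --helper-protocol=...).
    proc = subprocess.Popen(
        [REAL_NTLM_AUTH] + sys.argv[1:],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, text=True, bufsize=1,
    )
    while True:
        req = read_request(sys.stdin)
        if req is None:
            break
        for line in rewrite_request(req) + ["."]:
            proc.stdin.write(line + "\n")
        proc.stdin.flush()
        resp = read_request(proc.stdout)
        if resp is None:
            break
        for line in resp + ["."]:
            sys.stdout.write(line + "\n")
        sys.stdout.flush()
    proc.stdin.close()
    proc.wait()


if __name__ == "__main__":
    main()
```

Two practitioner notes. First, the wrapper sits on the authentication path and sees challenge/response material, so install it root-owned and non-writable, refer to the real helper by absolute path (as above) and point Radiator at the wrapper by absolute path as well; the same PATH-based substitution that makes this trick possible is exactly what an attacker with a writable PATH entry would do. Second, as far as I recall Radiator's AuthBy NTLM has an NtlmAuthProg parameter giving the full path and arguments of the helper, which would answer the question about not using the standard location; check the AuthBy NTLM section of the reference manual for your version, since this page does not confirm it.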

