[RADIATOR] AuthNTLM feature requests

Heikki Vatiainen hvn at open.com.au
Wed Aug 20 15:27:30 CDT 2014


On 08/20/2014 02:27 AM, Klara Mall wrote:

> * ntlm_auth_prog-with-variables.patch:
> This one is related to my last request. I need to use the variable
> %{Handler:Identifier} in NtlmAuthProg (for group membership checks).

Hmm, if you are planning to use the same AuthBy NTLM with multiple Handlers,
this is likely not to work. The ntlm_auth process is started when the
first request arrives and it will be left running. So if two or more
Handlers are using the same AuthBy NTLM they will be using the same
ntlm_auth process.

> * ntlm-rewritefunction.patch:
> This one is simply because I need a rewrite function for the inner
> identity in PEAP/MSCHAP-V2 auth. It is in production since three
> years or more and there was never a problem with it.

Can you tell why a rewrite is needed? I'd like to understand better the
case since so far this has not been required.

> I would be very happy if this (or some better code with the desired
> functionality) could be included in radiator.

The patch only changes MSCHAPv2 check but there are plaintext, CHAP and
MSCHAP checks too. Would those need similar functionality too? Or should
this go into EAP_26.pm, the EAP-MSCHAP-V2 module, so that the
functionality would be there for AuthBy FILE, SQL, etc. too, not just
AuthBy NTLM. Please let us know why this is needed.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.

