Re: (RADIATOR) RewriteUsername - Strip leading blanks

2003-06-21 Thread Nicolai van der Smagt 
On a linux machine at least, you can do 'man perlre'.

Something like: s/^\s*([EMAIL PROTECTED]).*/$1/

Cheers,
-- 
Nicolai van der Smagt <[EMAIL PROTECTED]>
BBned NV

On Sat, 2003-06-21 at 10:21, Herman verschooten wrote:
> Hi,
> 
> I am currently using this
> 
> RewriteUsername s/^([EMAIL PROTECTED]).*/$1/
> 
> Can anyone help me to so it strips leading blanks?
> 
> Tx,
> 
> Herman


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername - Strip leading blanks

2003-06-21 Thread Herman verschooten 
Hi,

I am currently using this

RewriteUsername s/^([EMAIL PROTECTED]).*/$1/

Can anyone help me to so it strips leading blanks?

Tx,

Herman
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername and logging

2002-09-28 Thread Hugh Irvine 


Hello Jeremy -

Depending on the rest of your configuration file, you could use 
Handlers like this:

# define Handlers


# do accounting
RewriteUsername .

AcctResult ACCEPT

AcctLogFileName ...



# do authentication





regards

Hugh


On Sunday, September 29, 2002, at 05:26 AM, Jeremy Hinton wrote:

> Greetings all,
>
>   I'm having a bit of a puzzle i cant seem to figure out. I am using an 
> AuthBy LDAP2 clause to auth with an LDAP server. The LDAP
> schema is built as uid=,cn=. Since most of my users 
> log in w/out specifying a realm, i have a DefaultRealm specified in my 
> Client clause. This works no problem. However, my billing system, 
> which reads the Accounting logs, doesn't like seeing the realm tagged 
> on the end of the username, and needs it to be stripped off. If i put 
> a RewriteUsername in my Handler, it strips the realm off before the 
> AuthBy LDAP2 occurs, and breaks it. I suppose i could run 2 separate 
> servers, one for auth and another for accounting, with the accounting 
> one stripping the realm, but that seems like a bit of overkill. Or, i 
> could put the rewrite in an AuthBy GROUP clause just for the 
> accounting part, but i'd need an AuthBy module that did normal radius 
> accounting (and disable accounting in the realm/hanlder), and i 
> haven't found one that does.  Any suggestions?
>
> - jeremy
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername and logging

2002-09-28 Thread Jeremy Hinton 

Greetings all,

I'm having a bit of a puzzle i cant seem to figure out. I am using an 
AuthBy LDAP2 clause to auth with an LDAP server. The LDAP
schema is built as uid=,cn=. Since most of my users log in 
w/out specifying a realm, i have a DefaultRealm specified in my Client 
clause. This works no problem. However, my billing system, which reads the 
Accounting logs, doesn't like seeing the realm tagged on the end of the 
username, and needs it to be stripped off. If i put a RewriteUsername in my 
Handler, it strips the realm off before the AuthBy LDAP2 occurs, and breaks 
it. I suppose i could run 2 separate servers, one for auth and another for 
accounting, with the accounting one stripping the realm, but that seems 
like a bit of overkill. Or, i could put the rewrite in an AuthBy GROUP 
clause just for the accounting part, but i'd need an AuthBy module that did 
normal radius accounting (and disable accounting in the realm/hanlder), and 
i haven't found one that does.  Any suggestions?

- jeremy

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Rewriteusername Regular Expression Newbie

2002-04-17 Thread Andy De Petter 


Hi Barry,

Obviously, you could also use:

RewriteFunction sub { my ($a) = shift; $a =~ tr/A-Z/a-z/; $a =~
s/^([^@]+).*/$1/; $a; }

Cheers,

-Andy

> -Original Message-
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED]] On Behalf Of Barry Andersson
> Sent: donderdag 18 april 2002 3:45
> To: [EMAIL PROTECTED]
> Subject: (RADIATOR) Rewriteusername Regular Expression Newbie
> 
> 
> Hi,
> 
> I'm afraid Perl regular expressions are a bit foreign to me.
> 
> I want to force all usernames to lower case and strip any 
> domain suffix that
> may be attached. Do I simply add two RewriteUsername lines at the very
> beginning of my Radius.cfg before any AuthBy or Realm clauses such as:
> 
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/A-Z/a-z/
> 
> or can I combine the two into a single line? Note that we have five
> different realms that usres may inadvertently include.
> 
> Cheers
> 
> Barry Andersson
> 
> 
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
> 

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Rewriteusername Regular Expression Newbie

2002-04-17 Thread Hugh Irvine 


Hello Barry -

Yes - the two lines you show below will work.

regards

Hugh


On Thu, 18 Apr 2002 11:44, Barry Andersson wrote:
> Hi,
>
> I'm afraid Perl regular expressions are a bit foreign to me.
>
> I want to force all usernames to lower case and strip any domain suffix
> that may be attached. Do I simply add two RewriteUsername lines at the very
> beginning of my Radius.cfg before any AuthBy or Realm clauses such as:
>
> RewriteUsername s/^([^@]+).*/$1/
> RewriteUsername tr/A-Z/a-z/
>
> or can I combine the two into a single line? Note that we have five
> different realms that usres may inadvertently include.
>
> Cheers
>
> Barry Andersson
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) Rewriteusername Regular Expression Newbie

2002-04-17 Thread Barry Andersson 

Hi,

I'm afraid Perl regular expressions are a bit foreign to me.

I want to force all usernames to lower case and strip any domain suffix that
may be attached. Do I simply add two RewriteUsername lines at the very
beginning of my Radius.cfg before any AuthBy or Realm clauses such as:

RewriteUsername s/^([^@]+).*/$1/
RewriteUsername tr/A-Z/a-z/

or can I combine the two into a single line? Note that we have five
different realms that usres may inadvertently include.

Cheers

Barry Andersson


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername

2002-02-28 Thread Ronan Eckelberry, Network/Systems Admin 



    Try naming the realm 
DEFAULT.  It looks at anything after the @ to determine the realm 
name.  So, if a customer logs in as [EMAIL PROTECTED], it is going to look for a realm 
called .  By default, if Radiator finds no matches, it 
will try to use .
 
-Ronan
 

  - Original Message - 
  From: 
  Barry 
  Andersson 
  To: [EMAIL PROTECTED] 
  Sent: Thursday, 28 February, 2002 
  19:36
  Subject: (RADIATOR) RewriteUsername
  
  Hi,
   
  I have RewriteUsername s/^([^@]+).*/$1/  in my 
  radius.cfg file however domains don't appear to be stripped from users who 
  inadvertently login with their email address. I'm getting errors in the 
  logfile such as "Could not find a handler for username@domainname: request is 
  ignored"
   
  Below is the appropriate section from my 
  radius.cfg
   
  Regards
   
  Barry Andersson
   
   
  
  
  UseGetspnamf
  Identifier System
  
  
  RewriteUsername s/^([^@]+).*/$1/
  MaxSessions 1
  
  Filename ./users
  
  AcctLogFileName /var/log/radius/detail
   
  
  
  AcctResult ACCEPT

Re: (RADIATOR) RewriteUsername

2002-02-28 Thread Hugh Irvine 


Hello Barry -

The way your configuration file is set up, you will only get usernames of the 
form "user@auth" in the  clause. If the username is of the form 
[EMAIL PROTECTED], it will not go to the  clause, hence will 
not get rewritten. The other  clause will only match usernames without 
realm suffixes, hence the message "Could not find a handler ...".

regards

Hugh


On Fri, 1 Mar 2002 11:36, Barry Andersson wrote:
> Hi,
>
> I have RewriteUsername s/^([^@]+).*/$1/  in my radius.cfg file however
> domains don't appear to be stripped from users who inadvertently login with
> their email address. I'm getting errors in the logfile such as "Could not
> find a handler for username@domainname: request is ignored"
>
> Below is the appropriate section from my radius.cfg
>
> Regards
>
> Barry Andersson
>
>
> 
>
> UseGetspnamf
>
> Identifier System
>
> 
>
> 
>
> RewriteUsername s/^([^@]+).*/$1/
>
> MaxSessions 1
>
> 
>
> Filename ./users
>
> 
>
> AcctLogFileName /var/log/radius/detail
>
> 
>
> 
>
> 
>
> AcctResult ACCEPT
>
> 
>
> 

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

2002-02-28 Thread Barry Andersson 



Hi,
 
I have RewriteUsername s/^([^@]+).*/$1/  in my 
radius.cfg file however domains don't appear to be stripped from users who 
inadvertently login with their email address. I'm getting errors in the logfile 
such as "Could not find a handler for username@domainname: request is 
ignored"
 
Below is the appropriate section from my 
radius.cfg
 
Regards
 
Barry Andersson
 
 


UseGetspnamf
Identifier System


RewriteUsername s/^([^@]+).*/$1/
MaxSessions 1

Filename ./users

AcctLogFileName /var/log/radius/detail
 


AcctResult ACCEPT

Re: (RADIATOR) RewriteUsername

2001-05-11 Thread Hugh Irvine 


Hello Shon -

You would just put the regexp into the relevant field in the database.

RewriteUsername s/^([^@]+).*/$1

will indeed remove the @. realm suffix from a username.

regards

Hugh


On Saturday 12 May 2001 03:27, Shon Stephens wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> - -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> I would like to put my RewriteUsername Rule into the clients table of
> my MySQL database. Should I put the whole statement like this:
>
> RewriteUsername s/^([^@]+).*/$1/
>
> into the database, or just the regex. Also, I am not so good with
> regex. I believe that the above will take [EMAIL PROTECTED] and rewrite
> that as user. Is that so?
>
> Thanks,
> Shon Stephens
> [EMAIL PROTECTED]
>
> - -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use
> 
>
> iQA/AwUBOvwg6kwGLkuD4lDdEQIN4gCfQxiNNrjNd1vua1GeCjVumSaY4EMAoIjd
> file://rAvD53MivQfaXnjz0yoYL+
> =HD3n
> - -END PGP SIGNATURE-
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 7.0.3 for non-commercial use 
>
> iQA/AwUBOvwhGUwGLkuD4lDdEQLajQCeKrRBN2r0jXWnHOHlBO7JH7iIEUEAn2Z2
> e5TlRZHZZxKFjMh0JKikdhh4
> =pUSf
> -END PGP SIGNATURE-
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

2001-05-11 Thread Shon Stephens 

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

- -BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I would like to put my RewriteUsername Rule into the clients table of
my MySQL database. Should I put the whole statement like this:

RewriteUsername s/^([^@]+).*/$1/

into the database, or just the regex. Also, I am not so good with
regex. I believe that the above will take [EMAIL PROTECTED] and rewrite
that as user. Is that so?

Thanks,
Shon Stephens
[EMAIL PROTECTED]

- -BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use


iQA/AwUBOvwg6kwGLkuD4lDdEQIN4gCfQxiNNrjNd1vua1GeCjVumSaY4EMAoIjd
file://rAvD53MivQfaXnjz0yoYL+
=HD3n
- -END PGP SIGNATURE-

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 7.0.3 for non-commercial use 

iQA/AwUBOvwhGUwGLkuD4lDdEQLajQCeKrRBN2r0jXWnHOHlBO7JH7iIEUEAn2Z2
e5TlRZHZZxKFjMh0JKikdhh4
=pUSf
-END PGP SIGNATURE-

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) RewriteUsername help

2001-04-17 Thread Eric Lackey 

Jeffrey,

Here are some possible values you could use for that.  You would probably
want to use the %u which is the full username before any Rewrites are
applied.  So I think your AcctColumnDef for USERNAME would look like this 

 AcctColumnDef   USERNAME,%u
-
%n
 The User-Name (i.e. the full user name, including the realm) currently
being authenticated, after any RewriteUsername was applied.
 
%U
 The User-Name currently being authenticated with the realm (if any)
stripped off, after any RewriteUsername was applied.
 
%u
 The full original User-Name that was received, before any RewriteUsername
were applied.
 

-Original Message-
From: Jeffrey Wheat [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 17, 2001 4:01 PM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) RewriteUsername help


Hello all!

I have a special need for stripping the domain name from my
proxy customers prior to authenication but need the domain
to be included when writing the accounting records to a file
and to the sql database. Any suggestions? 

MTIA,
Jeff

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername help

2001-04-17 Thread Hugh Irvine 


Hello Jeff -

You would use custom queries for the SQL database, and a format specification 
for the detail file - both using special characters: %n, %u and %N.

Have a look at section 6.2 in the Radiator 2.18 reference manual.

hth

Hugh


On Wednesday 18 April 2001 07:00, Jeffrey Wheat wrote:
> Hello all!
>
> I have a special need for stripping the domain name from my
> proxy customers prior to authenication but need the domain
> to be included when writing the accounting records to a file
> and to the sql database. Any suggestions?
>
> MTIA,
> Jeff
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername help

2001-04-17 Thread Jeffrey Wheat 

Hello all!

I have a special need for stripping the domain name from my
proxy customers prior to authenication but need the domain
to be included when writing the accounting records to a file
and to the sql database. Any suggestions? 

MTIA,
Jeff

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) RewriteUsername in ?

2001-03-28 Thread Hugh Irvine 


Hello Dave -

As the name implies, AuthBy GROUP is an AuthBy clause, not a Handler. 
They are mainly used for chaining multiple AuthBy clauses and tagged 
with an Identifier for use in Realms or Handlers.

hth

Hugh



At 8:45 -0500 01/3/28, Kitabjian, Dave wrote:
>Ahh, I see. Sorry I didn't think of that.
>
>Would I be correct in assessing this AuthBy GROUP as behaving sort of like a
>quasi-Handler? It seems that it offers some Handler-like control...
>
>Thanks!
>
>Dave
>:)
>
>>  -Original Message-
>>  From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
>>  Sent: Friday, January 01, 1904 5:31 AM
>>  To: Kitabjian, Dave; '[EMAIL PROTECTED]'
>>  Cc: Wild, Andrew
>>  Subject: Re: (RADIATOR) RewriteUsername in  ?
>>
>>
>>
>>  Hello Dave -
>>
>>  The way to do this is with AuthBy GROUP(s):
>>
>...
>>
>>  Hugh
>>
>>
>>  At 16:56 -0500 01/3/27, Kitabjian, Dave wrote:
>>  >Subject says it all.
>>  >
>>  >The docs say you can specify RewriteUsername Globally, in
>>  Client clauses,
>>  >and in Realms. (It might be worth mentioning that it appears
>>  to work in
>>  >non-realm Handlers, too.)
>>  >
>>  >But anyway...
>>  >
>>  >I'm wondering if it can work in  clauses?
>>  >
>>  >The reason we'd like that is as follows. We do a
>>  RewriteUsername to strip
>>  >out garbled characters before passing requests onto LDAP,
>>  since it will hang
>>  >LDAP (and sometimes Radiator :-( ). We don't know which
>>  Clients will end up
>>  >using the AuthBy LDAP, and the requests may arrive via other
>>  Handlers, too.
>>  >So the logical place to put it is in the AuthBy. Otherwise,
>>  we'll have to
>>  >make sure to specify it in each Handler, which is less than elegant.
>>  >
>>  >Does this make sense?
>>  >
>>  >Thanks!
>>  >
>>  >Dave
>>  >NetCarrier

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) RewriteUsername in ?

2001-03-28 Thread Kitabjian, Dave 

Ahh, I see. Sorry I didn't think of that. 

Would I be correct in assessing this AuthBy GROUP as behaving sort of like a
quasi-Handler? It seems that it offers some Handler-like control...

Thanks!

Dave
:)

> -Original Message-
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 01, 1904 5:31 AM
> To: Kitabjian, Dave; '[EMAIL PROTECTED]'
> Cc: Wild, Andrew
> Subject: Re: (RADIATOR) RewriteUsername in  ?
> 
> 
> 
> Hello Dave -
> 
> The way to do this is with AuthBy GROUP(s):
> 
...
> 
> Hugh
> 
> 
> At 16:56 -0500 01/3/27, Kitabjian, Dave wrote:
> >Subject says it all.
> >
> >The docs say you can specify RewriteUsername Globally, in 
> Client clauses,
> >and in Realms. (It might be worth mentioning that it appears 
> to work in
> >non-realm Handlers, too.)
> >
> >But anyway...
> >
> >I'm wondering if it can work in  clauses?
> >
> >The reason we'd like that is as follows. We do a 
> RewriteUsername to strip
> >out garbled characters before passing requests onto LDAP, 
> since it will hang
> >LDAP (and sometimes Radiator :-( ). We don't know which 
> Clients will end up
> >using the AuthBy LDAP, and the requests may arrive via other 
> Handlers, too.
> >So the logical place to put it is in the AuthBy. Otherwise, 
> we'll have to
> >make sure to specify it in each Handler, which is less than elegant.
> >
> >Does this make sense?
> >
> >Thanks!
> >
> >Dave
> >NetCarrier

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername in ?

2001-03-27 Thread Hugh Irvine 


Hello Dave -

The way to do this is with AuthBy GROUP(s):

# configure AuthBy clause


Identifier CheckLDAP
.


# configure AuthBy GROUP


Identifier CheckUsers
RewriteUsername
AuthBy CheckLDAP


# configure Realms or Handlers


AuthBy CheckUsers



See section 6.21 in the Radiator 2.18 reference manual.

cheers

Hugh


At 16:56 -0500 01/3/27, Kitabjian, Dave wrote:
>Subject says it all.
>
>The docs say you can specify RewriteUsername Globally, in Client clauses,
>and in Realms. (It might be worth mentioning that it appears to work in
>non-realm Handlers, too.)
>
>But anyway...
>
>I'm wondering if it can work in  clauses?
>
>The reason we'd like that is as follows. We do a RewriteUsername to strip
>out garbled characters before passing requests onto LDAP, since it will hang
>LDAP (and sometimes Radiator :-( ). We don't know which Clients will end up
>using the AuthBy LDAP, and the requests may arrive via other Handlers, too.
>So the logical place to put it is in the AuthBy. Otherwise, we'll have to
>make sure to specify it in each Handler, which is less than elegant.
>
>Does this make sense?
>
>Thanks!
>
>Dave
>NetCarrier
>
>
>===
>Archive at http://www.starport.net/~radiator/
>Announcements on [EMAIL PROTECTED]
>To unsubscribe, email '[EMAIL PROTECTED]' with
>'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername in ?

2001-03-27 Thread Kitabjian, Dave 

Subject says it all. 

The docs say you can specify RewriteUsername Globally, in Client clauses,
and in Realms. (It might be worth mentioning that it appears to work in
non-realm Handlers, too.)

But anyway...

I'm wondering if it can work in  clauses?

The reason we'd like that is as follows. We do a RewriteUsername to strip
out garbled characters before passing requests onto LDAP, since it will hang
LDAP (and sometimes Radiator :-( ). We don't know which Clients will end up
using the AuthBy LDAP, and the requests may arrive via other Handlers, too.
So the logical place to put it is in the AuthBy. Otherwise, we'll have to
make sure to specify it in each Handler, which is less than elegant.

Does this make sense?

Thanks!

Dave
NetCarrier


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

IMPORTANT - Re: (RADIATOR) RewriteUsername & Simultaneous-Use problem

2000-07-20 Thread Hugh Irvine 


Hello Nikos -

Several similar questions have come up recently, and my response has always
been this: why not set up a Handler clause to catch the illegal usernames and
reject them out of hand? The list in the Handler below will match on any
character other than "a-z", "A-Z", "0-9", "-", "_", "@". Obviously you would
alter the list to whatever makes sense in your environment.

Something like this:


Identifier SDB_INTERNAL



SessionDatabase SDB_INTERNAL

Filename  %D/users.reject




The users.reject file would contain this:

DEFAULT Auth-Type = Reject


In conjunction with the above, you can use custom SQL queries in your
SQL session database and a NasType of Ping in your Client clauses. That way you
can control what gets written to the session database to make sure you always
write the same thing no matter how the username was entered, and you can use
strict simultaneous use checking without relying on what is recorded for the
username in the NAS.

hth

Hugh



On Thu, 20 Jul 2000, Nikos Aslanakis wrote:
> We have a problem regarding simultaneous logins.
> One of our users did the following:
> 
> Logged in once using his normal username, eg. "user"
> ..and then logged in successfuly using the same username with additional
> ttrailing spaces: "user".
> 
> When radiator writes the accounting records to the SQL online database, it
> uses the original username, without the modifications made by the
> RewriteUsername commands. So it thinks that the usename "user" is different
> from "user   " and lets the user login more than once.
> 
> Is there some solution to this problem? Can radiator write to the online
> database the final username, after all modifications?
> We cannot afford not to strip the leading & trailing spaces, as we will have
> tech support overload..
> 
> Of course, the same can happen if the user uses uppercase and lowercase
> letters in his username and if he uses realms.
> Here is the part of the conf file that does the RewriteUsername:
> 
> 
> 
> 
> #   Strip the realm
> RewriteUsername s/^([^@]+).*/$1/
> #   Remove spaces from username
> RewriteUsername s/\s+//g
> #   Translates all uppercase chars to lowercase
> RewriteUsernametr/[A-Z]/[a-z]/
> #   Remove char '(' from username (causes radiator to lock)
> RewriteUsername s/\(//g
> 
> RejectHasReason
> SessionDatabase SESSQL
> AuthByPolicyContinueWhileReject
> #   AcctLogFileName /var/adm/radacct/RADIATOR/detail
> 
> 
> DBSourcedbi:mysql:regcod:xxx.xxx.xxx.xxx
> DBUsername  xx
> DBAuth  xx
> AuthSelect
> AccountingStopsOnly
> AccountingTable account%m%Y
> AcctColumnDef   USERNAME,User-Name
> AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
> AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
> AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
> AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
> AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
> AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
> AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
> AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
> AcctColumnDef   NASPORT,NAS-Port,integer
> AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
> AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id
> 
> 
> 
> Thanks in advance for any help.
> 
> _
> Nikos Aslanakis
> SPARKnet S.A. - Systems Admin
> Thessaloniki - Greece
> tel.  +30 31 868080
> http://www.spark.net.gr
> mailto:[EMAIL PROTECTED]
> 
> 
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername & Simultaneous-Use problem

2000-07-20 Thread David Lloyd 

On Thu, 20 Jul 2000, Nikos Aslanakis wrote:

> We have a problem regarding simultaneous logins. One of our users did
> the following:
> 
> Logged in once using his normal username, eg. "user" ..and then logged
> in successfuly using the same username with additional trailing
> spaces: "user "(SNIP)... Is there some solution to this problem?
> Can radiator write to the online database the final username, after
> all modifications? We cannot afford not to strip the leading &
> trailing spaces, as we will have tech support overload..(SNIP)

Two things... first, you forgot to post the  section of
your config file.

Second, the solution is simple:  Change your Add/Delete/ClearNas/
CountQueries to use '%U' instead of '%n' or '%{User-Name}'.  %U is the
rewritten username (page 11 of the manual I think).

- D


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername & Simultaneous-Use problem

2000-07-20 Thread Nikos Aslanakis 

We have a problem regarding simultaneous logins.
One of our users did the following:

Logged in once using his normal username, eg. "user"
..and then logged in successfuly using the same username with additional
trailing spaces: "user".

When radiator writes the accounting records to the SQL online database, it
uses the original username, without the modifications made by the
RewriteUsername commands. So it thinks that the usename "user" is different
from "user   " and lets the user login more than once.

Is there some solution to this problem? Can radiator write to the online
database the final username, after all modifications?
We cannot afford not to strip the leading & trailing spaces, as we will have
tech support overload..

Of course, the same can happen if the user uses uppercase and lowercase
letters in his username and if he uses realms.
Here is the part of the conf file that does the RewriteUsername:




#   Strip the realm
RewriteUsername s/^([^@]+).*/$1/
#   Remove spaces from username
RewriteUsername s/\s+//g
#   Translates all uppercase chars to lowercase
RewriteUsernametr/[A-Z]/[a-z]/
#   Remove char '(' from username (causes radiator to lock)
RewriteUsername s/\(//g

RejectHasReason
SessionDatabase SESSQL
AuthByPolicyContinueWhileReject
#   AcctLogFileName /var/adm/radacct/RADIATOR/detail


DBSourcedbi:mysql:regcod:xxx.xxx.xxx.xxx
DBUsername  xx
DBAuth  xx
AuthSelect
AccountingStopsOnly
AccountingTable account%m%Y
AcctColumnDef   USERNAME,User-Name
AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
AcctColumnDef   NASPORT,NAS-Port,integer
AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef   CALLINGSTATIONID,Calling-Station-Id



Thanks in advance for any help.

_
Nikos Aslanakis
SPARKnet S.A. - Systems Admin
Thessaloniki - Greece
tel.  +30 31 868080
http://www.spark.net.gr
mailto:[EMAIL PROTECTED]


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername ??

2000-07-11 Thread Iris Silva 


 
We would like IPASS roamers on our network to identify themselves as 
 
 [EMAIL PROTECTED]

when they log in which I believe is the UUNET standard, right?
 
I do know that rewriteusername clause is useful to do this but i'm a
little bit confused in the correct way that i can do it..

Anybody has an idea/suggestion about it?


Thank You a lot for you answers.


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

2000-07-01 Thread Emin TAHRALI 
Title: RewriteUsername





Hi,


How can I combine this three Rewrite parameters in one expression.


RewriteUsername s/'//g
RewriteUsername tr/-A-Za-z0-9\.\@//cd
RewriteUsername s/^([^@]+).*/$1/


Best regards,
Emin TAHRALI

Re: (RADIATOR) RewriteUserName help needed

1999-06-08 Thread Mike McCauley 

On Jun 8,  7:37pm, [EMAIL PROTECTED] wrote:
> Subject: (RADIATOR) RewriteUserName help needed
> At the advice of Mike, I have started to put a realm name on the
> end of some of my usernames.  This is being done in the 
> clause.  I have this working correctly where it puts
> "@host.2xtreme.net" on the end of any usename appearing from
> that client.  The problem I'm having now is that when this username
> gets recognized by the  clause, it send the whole
> '[EMAIL PROTECTED]' in to my platypus SQL looking for a
> match.  Naturally, I have not entered the realm name into my
> customers user fields in platypus and it does not find a match.  I'm
> thinking that I need to do another RewriteUsername that will strip
> off the whole realm name once it is received by the 
> clause before it sends it to my platypus SQL for authentication.

Yes, thats the right answer. You want something like:

RewriteUsername s/^([^@]+).*/$1/

>
> Another issue with adding realm names at the end of each
> username with the  clause, multiple logins cannot be
> enforced between POPs since each POP has it's own realm name.
>  If the same username logs attempts to login to the same POP
> twice, that should work though.  If I could strip off the realm name
> before any  clauses in the realm, this would solve both
> problems I believe.
Correct.

> Since I'm not very good at regular expressions
> in perl, can someone show me how to truncate a username based
> on the '@' ?
See above.

Hope that helps.

Cheers.

>
> Thanks,
> John Kicklighter
> Internet 2xtreme
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from [EMAIL PROTECTED]



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUserName help needed

1999-06-08 Thread tom minchin 

On Tue, Jun 08, 1999 at 07:37:36PM -0700, [EMAIL PROTECTED] wrote:
> Another issue with adding realm names at the end of each 
> username with the  clause, multiple logins cannot be 
> enforced between POPs since each POP has it's own realm name. 
>  If the same username logs attempts to login to the same POP 
> twice, that should work though.  If I could strip off the realm name 
> before any  clauses in the realm, this would solve both 
> problems I believe.  Since I'm not very good at regular expressions 
> in perl, can someone show me how to truncate a username based 
> on the '@' ?
> 

There's an example in the manual: RewriteUsername s/^([^@]+).*/$1/

[EMAIL PROTECTED]

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUserName help needed

1999-06-08 Thread admin 

At the advice of Mike, I have started to put a realm name on the 
end of some of my usernames.  This is being done in the  
clause.  I have this working correctly where it puts 
"@host.2xtreme.net" on the end of any usename appearing from 
that client.  The problem I'm having now is that when this username 
gets recognized by the  clause, it send the whole 
'[EMAIL PROTECTED]' in to my platypus SQL looking for a 
match.  Naturally, I have not entered the realm name into my 
customers user fields in platypus and it does not find a match.  I'm 
thinking that I need to do another RewriteUsername that will strip 
off the whole realm name once it is received by the  
clause before it sends it to my platypus SQL for authentication.

Another issue with adding realm names at the end of each 
username with the  clause, multiple logins cannot be 
enforced between POPs since each POP has it's own realm name. 
 If the same username logs attempts to login to the same POP 
twice, that should work though.  If I could strip off the realm name 
before any  clauses in the realm, this would solve both 
problems I believe.  Since I'm not very good at regular expressions 
in perl, can someone show me how to truncate a username based 
on the '@' ?

Thanks,
John Kicklighter
Internet 2xtreme

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

1999-04-22 Thread Richard Hawley 

Totally ignore my last message.  I found the section in the manual.
Make fun of me if you wish, I deserve it! :)

..Rich

--

Richard W. Hawley - Network Engineer
CyberZone Internet Services
http://www.cyberzone.net
[EMAIL PROTECTED]



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername

1999-04-22 Thread Richard Hawley 

Will RewriteUsername work for a specific realm if I specify it within
the  clause or do I have to use RewriteFunction?  I have
four realms (three of which simply proxy to other radius servers).  The
main realm has users who may or may not specify the realm in their PPP
dialer.  I only want radiator to strip the realm from users in the main
realm, not the three proxied realms.

..Rich

--

Richard W. Hawley - Network Engineer
CyberZone Internet Services
http://www.cyberzone.net
[EMAIL PROTECTED]



===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) RewriteUsername question

1999-03-24 Thread Mike McCauley 

Hi Jason

On Mar 24,  6:31pm, Jason J. Horton wrote:
> Subject: (RADIATOR) RewriteUsername question
> I am not very familiar with the way the RewriteUsername stuff works.
> What I would like to do is take a username like this:
> re010045
> and turn it into this:
> 0045@re01
>
> Basically take the first 4 characters from the beginning, move them
> to the end, separating with an @ sign. This way I can hand out usernames
> so I don't have to explain the concept of realms to end users.
> Am I correct in assuming that if I do this, then I can use multiple
>  statements, authenticating from different user files/sql
> databases?
Yes, you can do this. RewriteUsername can be set up to apply to all requests,
only the requests from a certaion Client, or only the requests handled by a
certain Realm or Handler (see radius.cfg for examples)

In your case, you will want something like this at the top level, then you can
have multiple realm clauses to match the first 4 characters (which will become
the realm name).

RewriteUsername  s/(.{4})(.*)/$2\@$1/

(BTW, you could get the same effect with something like

RewriteUsername s/^.{4}//




RewriteUsername s/^.{4}//



etc.

Hope that helps.

Cheers.


>
>   -Jason J. Horton <[EMAIL PROTECTED]>
>Senior Network & Systems Engineer
>Intercom Online Inc.
>212.378.2202 | http://www.intercom.com
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Jason J. Horton



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

(RADIATOR) RewriteUsername question

1999-03-24 Thread Jason J. Horton 

I am not very familiar with the way the RewriteUsername stuff works.
What I would like to do is take a username like this:
re010045
and turn it into this:
0045@re01

Basically take the first 4 characters from the beginning, move them
to the end, separating with an @ sign. This way I can hand out usernames
so I don't have to explain the concept of realms to end users.
Am I correct in assuming that if I do this, then I can use multiple
 statements, authenticating from different user files/sql
databases?

-Jason J. Horton <[EMAIL PROTECTED]>
 Senior Network & Systems Engineer
 Intercom Online Inc. 
 212.378.2202 | http://www.intercom.com


===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.