Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) RADIUS unmangling names
> At 17:36 04/05/1997 -0500, you wrote:
> >Except that the RADIUS server has no way of telling the Max about the
> >canonified, fixed, username, so the list of logged on users according
> >to the Max contains lots of garbage usernames, plus the RADIUS server
> >has to repeat the demangling when it received Accounting requests later on.
> >
> >How about an Ascend-Cannonical-Name that can be returned in the
> >authentication response to tell the Max to change the username it
> >records.
>
> this works for CLID authenticated call,
> and causes the "User-Name" to show in the logs,
> might be worth a try:
>
> xyz@my.com Password = "secretstuff"
> User-Name = "xyz",
> [...]
I only got around to trying this trick today, but the results are positive.
If you return a User-Name attribute in the RADIUS reply, then the Max will
use it in the display window and in accounting requests instead of the
original username.
I use this feature with a code modification to radiusd. Our user
authentication code attempts to remove trailing @domain and leading
WINDOWS_WORDGROUP\ substrings from the username that ignorant users
like to put in, as well as cure the ALL CAPS USERNAME symdrome. A small
piece of code in radiusd.c compares the original username with the
adjusted username, and inserts a User-Name attribute if they differ.
Thanks for the suggestion!
-Phil
> ----
> Jim Howard jhoward@lyceum.com
> Sr Network Engineer 404.248.1733
> Lyceum Internet http://www.lyceum.com/
>
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
Follow-Ups: