Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) RADIUS unmangling names



Verrry interresting....
	But the RADIUS RFC says that User-Name is not a valid return attribute.
	I guess the Ascend CLID implementation ran into that problem.

So use at your own risk.

	Dave.

At 10:44 AM 6/24/97 -0400, Phillip Vandry wrote:
>> At 17:36 04/05/1997 -0500, you wrote:
>> >Except that the RADIUS server has no way of telling the Max about the
>> >canonified, fixed, username, so the list of logged on users according
>> >to the Max contains lots of garbage usernames, plus the RADIUS server
>> >has to repeat the demangling when it received Accounting requests later
on.
>> >
>> >How about an Ascend-Cannonical-Name that can be returned in the
>> >authentication response to tell the Max to change the username it
>> >records.
>> 
>> this works for CLID authenticated call,
>> and causes the "User-Name" to show in the logs,
>> might be worth a try:
>> 
>> xyz@my.com      Password = "secretstuff"
>> 	User-Name = "xyz",
>>         [...]
>
>I only got around to trying this trick today, but the results are positive.
>
>If you return a User-Name attribute in the RADIUS reply, then the Max will
>use it in the display window and in accounting requests instead of the
>original username.
>
>I use this feature with a code modification to radiusd. Our user
>authentication code attempts to remove trailing @domain and leading
>WINDOWS_WORDGROUP\ substrings from the username that ignorant users
>like to put in, as well as cure the ALL CAPS USERNAME symdrome. A small
>piece of code in radiusd.c compares the original username with the
>adjusted username, and inserts a User-Name attribute if they differ.
>
>Thanks for the suggestion!
>
>-Phil
>
>> ----
>> Jim Howard                      jhoward@lyceum.com
>> Sr Network Engineer             404.248.1733
>> Lyceum Internet                 http://www.lyceum.com/

--------------------------------------------------------------
David Mitton				508-670-8888 Main
Consulting Engineer			508-916-4570 Direct
Bay Networks, Internet/Telcom BG	508-916-4789 FAX
Billerica, MA 01821			dmitton@baynetworks.com
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>


References: