Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: (ASCEND) RADIUS unmangling names
Verrry interresting....
But the RADIUS RFC says that User-Name is not a valid return attribute.
I guess the Ascend CLID implementation ran into that problem.
So use at your own risk.
Dave.
At 10:44 AM 6/24/97 -0400, Phillip Vandry wrote:
>> At 17:36 04/05/1997 -0500, you wrote:
>> >Except that the RADIUS server has no way of telling the Max about the
>> >canonified, fixed, username, so the list of logged on users according
>> >to the Max contains lots of garbage usernames, plus the RADIUS server
>> >has to repeat the demangling when it received Accounting requests later
on.
>> >
>> >How about an Ascend-Cannonical-Name that can be returned in the
>> >authentication response to tell the Max to change the username it
>> >records.
>>
>> this works for CLID authenticated call,
>> and causes the "User-Name" to show in the logs,
>> might be worth a try:
>>
>> xyz@my.com Password = "secretstuff"
>> User-Name = "xyz",
>> [...]
>
>I only got around to trying this trick today, but the results are positive.
>
>If you return a User-Name attribute in the RADIUS reply, then the Max will
>use it in the display window and in accounting requests instead of the
>original username.
>
>I use this feature with a code modification to radiusd. Our user
>authentication code attempts to remove trailing @domain and leading
>WINDOWS_WORDGROUP\ substrings from the username that ignorant users
>like to put in, as well as cure the ALL CAPS USERNAME symdrome. A small
>piece of code in radiusd.c compares the original username with the
>adjusted username, and inserts a User-Name attribute if they differ.
>
>Thanks for the suggestion!
>
>-Phil
>
>> ----
>> Jim Howard jhoward@lyceum.com
>> Sr Network Engineer 404.248.1733
>> Lyceum Internet http://www.lyceum.com/
--------------------------------------------------------------
David Mitton 508-670-8888 Main
Consulting Engineer 508-916-4570 Direct
Bay Networks, Internet/Telcom BG 508-916-4789 FAX
Billerica, MA 01821 dmitton@baynetworks.com
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.shore.net/~dreaming/ascend-faq>
or <ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>
References: