Re: [Help-gnu-radius] Radius replacement
From: Sergey Poznyakoff
Subject: Re: [Help-gnu-radius] Radius replacement
Date: Fri, 19 Aug 2005 11:25:05 +0300

Derrick MacPherson <address@hidden> wrote:
> ntlm_auth can access the info, I've got squid doing so using:
>
> auth_param ntlm program /usr/local/bin/ntlm_auth \
> --helper-protocol=squid-2.5-ntlmssp --require-\
> membership-of=S-1-5-21-1058564242-1277044956-825688854-1337\
> Domain Group (2)
>
> auth_param basic program /usr/local/bin/ntlm_auth \
> --helper-protocol=squid-2.5-basic
>
> Is there a way for gnu-radius to interpret that data?

Yes, you can use filters[1] to do so. You will have to use
ntlm-server-1 helper protocol and install a wrapper around ntlm_auth.
In general, the (untested) configuration will look like this:

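1. Filter script (/usr/local/bin/ntlm-filter):

#! /bin/sh
# Only members of this group SID are allowed to authenticate.
NTLM_OPTIONS=--require-membership-of=\
S-1-5-21-1058564242-1277044956-825688854-1337

# Each input line from radiusd is "user password"; turn it into one
# ntlm-server-1 request block. read -r and printf keep backslashes
# in the password intact.
while read -r USER PASS
do
    printf '%s\n' "Username: $USER"
    printf '%s\n' "Password: $PASS"
    echo "."
done |
ntlm_auth --helper-protocol=ntlm-server-1 $NTLM_OPTIONS |
(status=No
 message=""
 # Each reply block ends with "."; answer radiusd once per block.
 while read -r RESULT REST
 do
     case $RESULT in
     Authenticated:)
         status=$REST;;
     Authentication-Error:)
         message=$REST;;
     .)  if [ "$status" = Yes ]; then
             echo 0
         elif [ -n "$message" ]; then
             echo "1 Reply-Message = \"$message\""
         else
             echo 1
         fi
         # Reset state for the next request.
         status=No
         message=""
         ;;
     esac
 done)
# End of ntlm-filter
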
2. raddb/config file:

filters {
    filter ntlm {
        exec-path "/usr/local/bin/ntlm-filter";
        error-log "ntml-filter.log";
        auth {
            input-format "%C{User-Name} %C{User-Password}";
            wait-reply yes;
        };
    };
};

3. raddb/users file:

DEFAULT Auth-Type = Accept
        Exec-Program-Wait = "|ntlm"

Notice that this is only a framework, since I have not got any Windows
machines to test it on, so you may need to tailor it to your needs.

As usual, feel free to write if you encounter any problems.

Regards,
Sergey

[1] For a detailed description of filters, please see
http://www.gnu.org/software/radius/manual/html_node/radius_102.html#SEC192
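
The two stages of the filter above can be exercised without a Windows domain. This is an added example, not part of the original message: `fake_ntlm_auth` is a constructed stand-in for `ntlm_auth --helper-protocol=ntlm-server-1` with sample credentials, and all function names are assumptions. It also escapes quotes and backslashes in the helper's error text before it goes into Reply-Message.

```shell
#!/bin/sh
# Added example. fake_ntlm_auth is a constructed stub, not Samba code;
# function names and the sample credentials are assumptions.

# Stage 1: "user password" lines from radiusd -> ntlm-server-1 request blocks.
make_requests() {
    while read -r user pass; do
        printf 'Username: %s\nPassword: %s\n.\n' "$user" "$pass"
    done
}

# Constructed stub: accepts only alice with the password s3cr\et.
fake_ntlm_auth() {
    u= p=
    while IFS= read -r line; do
        case $line in
            "Username: "*) u=${line#Username: } ;;
            "Password: "*) p=${line#Password: } ;;
            .)  if [ "$u" = alice ] && [ "$p" = 's3cr\et' ]; then
                    printf 'Authenticated: Yes\n.\n'
                else
                    printf 'Authenticated: No\n'
                    printf 'Authentication-Error: Logon "failure"\n.\n'
                fi
                u= p= ;;
        esac
    done
}

# Stage 2: helper reply blocks -> filter replies ("0" accept, "1 ..." reject).
# Quotes and backslashes in the helper's message are escaped so they cannot
# end the Reply-Message string early.
to_radius_replies() {
    status=No message=
    while read -r key rest; do
        case $key in
            Authenticated:) status=$rest ;;
            Authentication-Error:)
                message=$(printf '%s' "$rest" | sed 's/[\\"]/\\&/g') ;;
            .)  if [ "$status" = Yes ]; then echo 0
                elif [ -n "$message" ]; then
                    printf '1 Reply-Message = "%s"\n' "$message"
                else echo 1
                fi
                status=No message= ;;
        esac
    done
}

run_filter() { make_requests | fake_ntlm_auth | to_radius_replies; }
```

Feeding `run_filter` one `user password` line per request yields one reply line per request, in order, which is what `wait-reply yes` relies on.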