
1gw_60162
Feb 04, 2005

custom RADIUS authentication

I am new to the TCL and BIG-IP worlds, and am having difficulty figuring this problem out using the Config Guide for LTM. How would I go about writing an iRule to authenticate a client via RADIUS, then pass the username and a static password to the application server(s)? The static password is the same for all users.
  • Tao_Liu_90341
    Historic F5 Account
    There are shipped authentication rules in profile_base.conf. Check _sys_auth_radius. You make a copy of that rule (use a different name, though). Then replace the string "[HTTP::username]" with the desired name, and replace the string "[HTTP::password]" with the desired password, i.e.

     
     AUTH::username_credential $tmm_auth_radius_sid "hacker"  
     AUTH::password_credential $tmm_auth_radius_sid "nopasswd"  
     

    If you need the real username, just undo the first change.
  • Tao_Liu_90341
    Historic F5 Account
    If you do mean to rewrite the HTTP authentication header, you can write a new RADIUS auth rule with an AUTH_SUCCESS event handler like this:

     
     when AUTH_SUCCESS { 
        if {$tmm_auth_radius_sid eq [AUTH::last_event_session_id]} { 
           set newauth [b64encode [format "%s:%s" [HTTP::username] "xxxx"]] 
           HTTP::header remove Authorization 
           HTTP::header insert Authorization "Basic $newauth" 
           HTTP::release 
        } 
     } 
     

    Here, xxxx means the static password. You may replace [HTTP::username] with a static name too.
  • I am getting an error when I try to use [HTTP::header] or [HTTP:username] within the AUTH_success context
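
An added example, not part of the thread and not F5 code: the Authorization header rewrite from the AUTH_SUCCESS handler above, reproduced in Python so the value the application server receives can be checked off the BIG-IP. The sample credentials are constructed, and splitting on the first colon and refusing empty or control-character usernames are assumptions of this example.

```python
import base64
import binascii

STATIC_PASSWORD = "xxxx"  # placeholder from the post: the shared backend password


def split_basic(header_value):
    """Return (username, password) from a Basic Authorization value, or None."""
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    if ":" not in decoded:
        return None
    # Split on the FIRST colon only: the password may itself contain colons.
    username, _, password = decoded.partition(":")
    return username, password


def rewrite_authorization(header_value, static_password=STATIC_PASSWORD):
    """Keep the client's username and swap in the static password."""
    creds = split_basic(header_value)
    if creds is None:
        return None
    username = creds[0]
    # Assumption: refuse empty names and control characters instead of forwarding.
    if not username or any(ord(c) < 0x20 or ord(c) == 0x7F for c in username):
        return None
    raw = "{}:{}".format(username, static_password).encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _basic(userpass):
    """Build a Basic header value for constructed test input."""
    return "Basic " + base64.b64encode(userpass.encode("utf-8")).decode("ascii")


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the thread.
    for sample in (_basic("alice:radius:pw"), "Bearer abc", "Basic !!!", _basic(":pw")):
        print(repr(sample), "->", rewrite_authorization(sample))
```
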