User name case-sensitivity in FreeRADIUS 3.*

Luveh Keraph 1.41421 at gmail.com
Thu Jul 9 17:12:39 CEST 2020


I have a FreeRADIUS 3.0.20 server with the following entries in
/etc/raddb/users:

abcXYZ User-Password != "MyPassword1"
abcXYZ Cleartext-Password := "MyPassword1"
        MyAttrTag = "One"

abcxyz User-Password != "MyPassword2"
abcxyz Cleartext-Password := "MyPassword2"
        MyAttrTag = "Two"

MyAttrTag is a VSA of my own, which both client and server are aware of.

When I try to authenticate abcXYZ against this server (with radtest, or by
SSH through PAM) the password I have to supply is MyPassword2 - MyPassword1
will not work. When the authentication is successfully completed, I can see
that the value of MyAttrTag sent by the server is always "Two", which is of
course consistent with the above.

In fact, I can try different camel-case versions of abcxyz, not necessarily
with matching entries in /etc/raddb/users, and in all cases my server will
just use the entry for abcxyz in that file. I.e. my FreeRADIUS server
processes user names case-insensitively.

Can my FreeRADIUS server be configured so that it processes user names (not
passwords) in a case-sensitive way? In the example above, abcxyz and abcXYZ
would be two different users, with two different passwords.  I have seen a
few suggestions on the net, but they seem to be constrained to version 2.*
servers.


More information about the Freeradius-Users mailing list