On May 12, 2022, at 10:03 AM, Simon Dankau <SDankau@rf-computer.de> wrote:
we use FreeRadius at a school with about 3000 users and divide them into different groups. Since support requests often come from teachers who cannot enter their login data with correct capitalization, we want to use FreeRadius "case insensitive".
At school we basically have 3 different groups.
username student : 1234567 (a student's unique ID) username teacher: ABCD username employee: t.surname
Some of our teachers try to login with "Abcd" or "abcd". That does not work, because FreeRadius is case sensitive.
Most databases are case-sensitive, too.
So far I've been browsing the forums and trying a few possible solutions.
This includes the solutions from the following thread: https://lists.freeradius.org/pipermail/freeradius-users/2020-February/097517...
1. Changes in the server configuration authorize { update request { Stripped-User-Name := "%{tolower:%{User-Name}}" } ... everything else ...
}
2. Changes in the "files" module key = "%{%{Stripped-User-Name}:-%{tolower:%{User-Name}}}"
That should work. IF all of the users and passwords are in the "users" file. So... where are the users? LDAP? SQL? Active Directory? You haven't said.
I can only test the login over the command line on our testserver, because i do not want to disrupt our currently working FreeRadius server including the wifi.
All tests performed follow the scheme below.
root@bkr-app:~# radtest TEST password 10.11.100.31:1812 10 test123
Why are you wasting your time looking at the output of radtest? ALL of the documentation says to run the server in debug mode. Read the documentation and follow it. You get a link to the documentation when you join the list: http://wiki.freeradius.org/list-help
Is there a way to use FreeRadius case insensitive so that we can reduce the support requests?
Yes. But it involves explaining what you're doing, and following the documentation. Alan DeKok.