Dear Alan DeKok

thanks for your help

i use it  to get some to=ime to transfer all user information from other AAA server.

i try to change Cleartext-Password  to lower case by this code in authorize  section

But if password saved in database in upercase it can not be match to client lowercase password ...!!!

i think i should change 
Cleartext-Password  to lower case in other section

        update control {
                 Cleartext-Password := "%{tolower:%{control:Cleartext-Password}}"
         }


Best regards




On Wed, Apr 24, 2013 at 7:17 PM, Alan DeKok <aland@deployingradius.com> wrote:
Mehdi Ravanbakhsh wrote:
> how i could check  case insensitive password for user..

  You don't.

> and it is better if i could limit this kind of password check for some
> nas-ip-adress.

  Write "unlang" rules to do that.

> which part of config file should be modified for this problem?

  Write a policy:


        if (User-Password) {
                update request {
                        User-Password := "%{tolower:%{User-Password}}"

                }
        }

  This will force all passwords to lowercase.  They will need to be in
the database as lowercase.

  Or, edit your database queries to do case-insensitive checks.

  In general, this is a very bad idea.  It's insecure.

  Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html