On Jul 9, 2020, at 11:12 AM, Luveh Keraph <1.41421@gmail.com> wrote:
I have a FreeRADIUS 3.0.20 server with the following entries in /etc/raddb/users:
abcXYZ User-Password != "MyPassword1" abcXYZ Cleartext-Password := "MyPassword1" MyAttrTag = "One"
abcxyz User-Password != "MyPassword2" abcxyz Cleartext-Password := "MyPassword2" MyAttrTag = "Two"
MyAttrTag is a VSA of my own, which both client and server are aware of.
OK.
When I try to authenticate abcXYZ against this server (with radtest, or by SSH through PAM) the password I have to supply is MyPassword2 - MyPassword1 will not work. When the authentication is successfully completed, I can see that the value of MyAttrTag sent by the server is always "Two", which is of course consistent with the above.
In fact, I can try different camel-case versions of abcxyz, not necessarily with matching entries in /etc/raddb/users, and in all cases my server will just use the entry for abcxyz in that file. I.e. my FreeRADIUS server processes user names case-insensitively.
The default configuration for the "users" file is to be case sensitive. So if it is case INsensitive, you changed something in your local configuration.
Can my FreeRADIUS server be configured so that it processes user names (not passwords) in a case-sensitive way? In the example above, abcxyz and abcXYZ would be two different users, with two different passwords. I have seen a few suggestions on the net, but they seem to be constrained to version 2.* servers.
http://wiki.freeradius.org/list-help Post the debug output. We say this EVERYWHERE in the documentation, and pretty much daily on the list. Alan DeKok.