On Feb 21, 2020, at 5:48 PM, Luveh Keraph <1.41421 at gmail.com> wrote:
I would like for my FreeRADIUS 3.0.20 server to match user names to be authenticated in a case-insensitive way.
You want it to match *all* names in a case insensitive way?
All user names that the FreeRADIUS receives for authentication. The password should remain case-sensitive.
To that effect, I changed the contents of /etc/raddb/mods-enabled/sradutmp as follows:
radutmp sradutmp { filename = ${logdir}/sradutmp case_sensitive = "no"
No... that changes the case insensitivity of the *radutmp* module. The comments in the module > make this clear.
OK, thanks.
When I launch the FreeRADIUS server with -sfXx in the resulting traces I can see that the module above has been loaded, and that the case_sensitive attribute is indeed set to "no". However, the FreeRADIUS server remains user name case-sensitive. What am I misunderstanding here?
You're seeing the server run modules which *aren't* radump, and which *don't* take any "case_sensitive" parameter. I'm not sure why editing the "radutmp" module would make the "files" or "pap" module be case insensitive.
OK.
In FreeRADIUS, user name lookups are generally done via databases. If you want the lookups > to be case insensitive, then change the database queries
So... which database are you using to look up user names / passwords?
I am just using the basic capabilities provided by FreeRADIUS - entries in /etc/raddb/users. The user name and password information is retrieved from that file. I tried adding a policy for this in /etc/raddb/policy.d, but I couldn't get that to work either.