On 29 Jan 2014, at 16:44, Maciej Milewski <milu@dat.pl> wrote:
Wed Jan 29 17:20:58 2014 : Debug: %{tolower:%{User-Name}} Wed Jan 29 17:20:58 2014 : Debug: Parsed xlat tree: Wed Jan 29 17:20:58 2014 : Debug: xlat: tolower Wed Jan 29 17:20:58 2014 : Debug: { Wed Jan 29 17:20:58 2014 : Debug: attribute: User-Name Wed Jan 29 17:20:58 2014 : Debug: { Wed Jan 29 17:20:58 2014 : Debug: ref 2 Wed Jan 29 17:20:58 2014 : Debug: list 1 Wed Jan 29 17:20:58 2014 : Debug: tag -128 Wed Jan 29 17:20:58 2014 : Debug: } Wed Jan 29 17:20:58 2014 : Debug: } Wed Jan 29 17:20:58 2014 : Debug: (0) expand: "%{tolower:%{User-Name}}" -> 'a guest' Wed Jan 29 17:20:58 2014 : Debug: (0) ? if (User-Name != "%{tolower:%{User-Name}}") -> TRUE Wed Jan 29 17:20:58 2014 : Debug: (0) if (User-Name != "%{tolower:%{User-Name}}") { Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[authorize]: calling reject (rlm_always) for request 0 Wed Jan 29 17:20:58 2014 : Debug: (0) modsingle[authorize]: returned from reject (rlm_always) for request 0 Wed Jan 29 17:20:58 2014 : Debug: (0) [reject] = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # if (User-Name != "%{tolower:%{User-Name}}") = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # filter_username filter_username = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # authorize = reject
Please just use -X, the extra info isn't useful.. There's a policy filter_username which does basic checks on incoming user names to make sure they look like NAIs. if (User-Name != "%{tolower:%{User-Name}}") { reject } Is the bit causing the trouble. Comment it out in filter_username, or comment out the call to filter_username, it's got nothing to do with the users file... Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2