On 01/29/2014 11:44 AM, Maciej Milewski wrote: Did you try reading the debug output you posted? Or is that our job ;-)
Wed Jan 29 17:20:58 2014 : Debug: (0) [reject] = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # if (User-Name != "%{tolower:%{User-Name}}") = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # filter_username filter_username = reject Wed Jan 29 17:20:58 2014 : Debug: (0) } # authorize = reject Wed Jan 29 17:20:58 2014 : Debug: (0) Using Post-Auth-Type Reject
raddb/policy.d/filter # # Filter the username # # Force some sanity on User-Name. This helps to avoid issues # issues where the back-end database is "forgiving" about # what constitutes a user name. # filter_username { # # reject mixed case # e.g. "UseRNaMe" # if (User-Name != "%{tolower:%{User-Name}}") { reject } -- John