Freeraius vs NPS

Alan DeKok aland at
Mon May 8 17:08:46 CEST 2017

On May 8, 2017, at 10:08 AM, Martin, Jeremy <jmartin at> wrote:
> For the sake of completeness and my own sanity if I have to tackle this issue again in the future the following was the solution to my problem:
> authorize {
>        if ("%{sql:SELECT COUNT(username) FROM radreject WHERE UPPER(username) = UPPER('%{User-Name}')}" > 0) {
>           reject
>        }

  That's a good solution.  We recommend using custom tables for custom rules.

  The one thing I'd say is that you probably *also* want to reject users whose User-Names don't have the correct case.

  i.e.  if the user's name is "bob", and they log in as "Bob", or "bOb", those attempts should be rejected *no matter what*.

  Alan DeKok.

More information about the Freeradius-Users mailing list