Username case insensitivity

Alan DeKok aland at
Sun Feb 23 14:02:31 CET 2020

On Feb 21, 2020, at 11:44 PM, Luveh Keraph <1.41421 at> wrote:
> All user names that the FreeRADIUS receives for authentication. The password should remain case-sensitive.

  That's generally not a good idea.  For one, databases aren't typically case-insensitive.  So those might see "bob" as different users / accounts / billing than user "BOB".

  If you don't care about case, then the simplest way to fix it is to just mash the User-Name to lowercase.  For various reasons, you should do it this way:

authorize {
	update request {
		Stripped-User-Name := "%{tolower:%{User-Name}}"
	... everything else ...


  That is the simplest way to do it, and the most likely to work for all modules.

> I am just using the basic capabilities provided by FreeRADIUS - entries in /etc/raddb/users. The user name and password information is retrieved from that file. 

  The sample configuration for the "files" module tells you how to change the key used for lookups.  You can just change that to do case-insensitive lookups.

> I tried adding a policy for this in /etc/raddb/policy.d, but I couldn't get that to work either.

  "I tried to do stuff, but it didn't work".

  That isn't a useful thing to say.  It's better to describe WHAT you did, WHY you did it, and WHAT happened.

  Alan DeKok.

More information about the Freeradius-Users mailing list