User name case-sensitivity in FreeRADIUS 3.*
Luveh Keraph
1.41421 at gmail.com
Thu Jul 9 17:12:39 CEST 2020
I have a FreeRADIUS 3.0.20 server with the following entries in
/etc/raddb/users:
abcXYZ User-Password != "MyPassword1"
abcXYZ Cleartext-Password := "MyPassword1"
MyAttrTag = "One"
abcxyz User-Password != "MyPassword2"
abcxyz Cleartext-Password := "MyPassword2"
MyAttrTag = "Two"
MyAttrTag is a VSA of my own, which both client and server are aware of.
When I try to authenticate abcXYZ against this server (with radtest, or by
SSH through PAM) the password I have to supply is MyPassword2 - MyPassword1
will not work. When the authentication is successfully completed, I can see
that the value of MyAttrTag sent by the server is always "Two", which is of
course consistent with the above.
In fact, I can try different camel-case versions of abcxyz, not necessarily
with matching entries in /etc/raddb/users, and in all cases my server will
just use the entry for abcxyz in that file. I.e. my FreeRADIUS server
processes user names case-insensitively.
Can my FreeRADIUS server be configured so that it processes user names (not
passwords) in a case-sensitive way? In the example above, abcxyz and abcXYZ
would be two different users, with two different passwords. I have seen a
few suggestions on the net, but they seem to be constrained to version 2.*
servers.
More information about the Freeradius-Users
mailing list