User name case-sensitivity in FreeRADIUS 3.*

Alan DeKok aland at
Thu Jul 9 18:02:36 CEST 2020

On Jul 9, 2020, at 11:12 AM, Luveh Keraph <1.41421 at> wrote:
> I have a FreeRADIUS 3.0.20 server with the following entries in
> /etc/raddb/users:
> abcXYZ User-Password != "MyPassword1"
> abcXYZ Cleartext-Password := "MyPassword1"
>        MyAttrTag = "One"
> abcxyz User-Password != "MyPassword2"
> abcxyz Cleartext-Password := "MyPassword2"
>        MyAttrTag = "Two"
> MyAttrTag is a VSA of my own, which both client and server are aware of.


> When I try to authenticate abcXYZ against this server (with radtest, or by
> SSH through PAM) the password I have to supply is MyPassword2 - MyPassword1
> will not work. When the authentication is successfully completed, I can see
> that the value of MyAttrTag sent by the server is always "Two", which is of
> course consistent with the above.
> In fact, I can try different camel-case versions of abcxyz, not necessarily
> with matching entries in /etc/raddb/users, and in all cases my server will
> just use the entry for abcxyz in that file. I.e. my FreeRADIUS server
> processes user names case-insensitively.

  The default configuration for the "users" file is to be case sensitive.  So if it is case INsensitive, you changed something in your local configuration.

> Can my FreeRADIUS server be configured so that it processes user names (not
> passwords) in a case-sensitive way? In the example above, abcxyz and abcXYZ
> would be two different users, with two different passwords.  I have seen a
> few suggestions on the net, but they seem to be constrained to version 2.*
> servers.

  Post the debug output.  We say this EVERYWHERE in the documentation, and pretty much daily on the list.

  Alan DeKok.

More information about the Freeradius-Users mailing list