User name case-sensitivity in FreeRADIUS 3.*
Alan DeKok
aland at deployingradius.com
Thu Jul 9 18:02:36 CEST 2020
On Jul 9, 2020, at 11:12 AM, Luveh Keraph <1.41421 at gmail.com> wrote:
>
> I have a FreeRADIUS 3.0.20 server with the following entries in
> /etc/raddb/users:
>
> abcXYZ User-Password != "MyPassword1"
> abcXYZ Cleartext-Password := "MyPassword1"
> MyAttrTag = "One"
>
> abcxyz User-Password != "MyPassword2"
> abcxyz Cleartext-Password := "MyPassword2"
> MyAttrTag = "Two"
>
> MyAttrTag is a VSA of my own, which both client and server are aware of.
OK.
> When I try to authenticate abcXYZ against this server (with radtest, or by
> SSH through PAM) the password I have to supply is MyPassword2 - MyPassword1
> will not work. When the authentication is successfully completed, I can see
> that the value of MyAttrTag sent by the server is always "Two", which is of
> course consistent with the above.
>
> In fact, I can try different camel-case versions of abcxyz, not necessarily
> with matching entries in /etc/raddb/users, and in all cases my server will
> just use the entry for abcxyz in that file. I.e. my FreeRADIUS server
> processes user names case-insensitively.
The default configuration for the "users" file is to be case sensitive. So if it is case INsensitive, you changed something in your local configuration.
> Can my FreeRADIUS server be configured so that it processes user names (not
> passwords) in a case-sensitive way? In the example above, abcxyz and abcXYZ
> would be two different users, with two different passwords. I have seen a
> few suggestions on the net, but they seem to be constrained to version 2.*
> servers.
http://wiki.freeradius.org/list-help
Post the debug output. We say this EVERYWHERE in the documentation, and pretty much daily on the list.
Alan DeKok.
More information about the Freeradius-Users
mailing list