Freeradius-Users Digest, Vol 183, Issue 16

Alan DeKok aland at deployingradius.com
Fri Jul 10 16:29:06 CEST 2020


On Jul 10, 2020, at 10:20 AM, Luveh Keraph <1.41421 at gmail.com> wrote:
> 
> Here is a copy of my users file, with all comments remove:

  Please read http://wiki.freeradius.org/list-help

  We do NOT need to see configuration files.

> DEFAULT Framed-Protocol == PPP
>  Framed-Protocol = PPP,
>  Framed-Compression = Van-Jacobson-TCP-IP
> 
> DEFAULT Hint == "CSLIP"
>  Framed-Protocol = SLIP,
>  Framed-Compression = Van-Jacobson-TCP-IP
> 
> DEFAULT Hint == "SLIP"
>  Framed-Protocol = SLIP
> 
> abcXYZ User-Password != "MyPassword1"
> abcXYZ Cleartext-Password := "MyPassword1"
>  MyAttrTag = "One"
> 
> abcxyz User-Password != "MyPassword2"
> abcxyz Cleartext-Password := "MyPassword2"
>  MyAttrTag = "Two"
> 
> And here's debugging information obtained at the FreeRADIUS server,
> launched with -sxXf

  Why use random command-line options when the documentation says what to do?

> when a client is requesting to be authenticated as
> abcXYZ over SSH, but using the password assigned to abcxyz in the users
> file. A line that reads  EXPAND
> %{%{Stripped-User-Name}:-%{tolower:%{User-Name}}} would seem to reveal that
> the received username is indeed converted to all lowercase by the
> FreeRADIUS server. I searched for references to the above in the FreeRADIUS
> files, and here is what I found:

  That "tolower" configuration was added by someone at your site.  It is NOT in the default configuration.

  You're free to edit the configuration to remove the "tolower"

> ../raddb/mods-available/couchbase: user_key =
> "raduser_%{md5:%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}}"
> ../raddb/mods-available/couchbase:# simul_vkey =
> "%{tolower:%{%{Stripped-User-Name}:-%{User-Name}}}"
> ../raddb/mods-available/files: key =
> "%{%{Stripped-User-Name}:-%{tolower:%{User-Name}}}"
> 
> Is it just a matter of getting rid of the 'key' line in the files directory?

  No... the documentation explains what the "key" configuration does.  I suggest reading it.

  Alan DeKok.


  Alan DeKok.




More information about the Freeradius-Users mailing list