Case insensitive username
Simon Dankau
SDankau at rf-computer.de
Thu May 12 14:03:53 UTC 2022
Hello,
we use FreeRadius at a school with about 3000 users and divide them into different groups.
Since support requests often come from teachers who cannot enter their login data with correct capitalization, we want to use FreeRadius "case insensitive".
At school we basically have 3 different groups.
username student : 1234567 (a student's unique ID)
username teacher: ABCD
username employee: t.surname
Some of our teachers try to login with "Abcd" or "abcd". That does not work, because FreeRadius is case sensitive.
So far I've been browsing the forums and trying a few possible solutions.
This includes the solutions from the following thread:
https://lists.freeradius.org/pipermail/freeradius-users/2020-February/097517.html
1. Changes in the server configuration
authorize {
update request {
Stripped-User-Name := "%{tolower:%{User-Name}}"
}
... everything else ...
}
2. Changes in the "files" module
key = "%{%{Stripped-User-Name}:-%{tolower:%{User-Name}}}"
I can only test the login over the command line on our testserver, because i do not want to disrupt our currently working FreeRadius server including the wifi.
All tests performed follow the scheme below.
root at bkr-app:~# radtest TEST password 10.11.100.31:1812 10 test123
Sent Access-Request Id 245 from 0.0.0.0:33130 to 10.11.100.31:1812 length 74
User-Name = "TEST"
User-Password = "start12K"
NAS-IP-Address = 10.11.100.31
NAS-Port = 10
Message-Authenticator = 0x00
Cleartext-Password = "start12K"
Received Access-Accept Id 245 from 10.11.100.31:1812 to 0.0.0.0:0 length 55
Reply-Message = "DEBUG: Lehrer VPN"
Tunnel-Type:0 = VLAN
Tunnel-Medium-Type:0 = IEEE-802
Tunnel-Private-Group-Id:0 = "37"
root at bkr-app:~# radtest test start12K 10.11.100.31:1812 10 test123
Sent Access-Request Id 73 from 0.0.0.0:45170 to 10.11.100.31:1812 length 74
User-Name = "test"
User-Password = "start12K"
NAS-IP-Address = 10.11.100.31
NAS-Port = 10
Message-Authenticator = 0x00
Cleartext-Password = "start12K"
Received Access-Reject Id 73 from 10.11.100.31:1812 to 0.0.0.0:0 length 46
Reply-Message = "DEBUG: Not found, reject"
(0) -: Expected Access-Accept got Access-Reject
root at bkr-app:~#
Is there a way to use FreeRadius case insensitive so that we can reduce the support requests?
Greetings from Germany,
Simon
More information about the Freeradius-Users
mailing list