@fsantaana:
(…)
Right now i'm trying to find out 2 things- how to convert the user name entered to all lowercase and then submitted to the CP page. I'm trying to play around with the forms on the default window but always manage to send a blank username to the CP/Freeradius for authentication.
Take a look here. RADIUS offers this by default:
http://onlamp.com/pub/a/onlamp/excerpt/radius_5/index1.html?page=5
lower_user and lower_pass
To eliminate case problems that often plague authentication methods such as RADIUS, the FreeRADIUS developers have included a feature that will attempt to modify the User-Name and User-Password attributes to make them all lowercase; this is done either before an authentication request, after a failed authentication request using the values of the attributes as they came, or not at all.
Clearly setting the lower_user directive to after makes the most sense: it adds processing time to each request, but unless this particular machine normally carries a high load, the reduced troubleshooting time is worth the extra performance cost. However, a secure password often makes use of a combination of uppercase and lowercase letters, so security dictates leaving the password attribute alone.
Usage:
lower_user = [before/after/no]; lower_pass = [before/after/no]
Suggestion:
lower_user = after; lower_pass = no
nospace_user and nospace_pass
Much like the lower_user and lower_pass controls, these directives preprocess an Access-Request packet and ensure that no spaces are included. The available options are the same: before, after, or no. Again, the most obvious choice is to set nospace_user to after to save helpdesk time. Some administrators have a tendency to not allow spaces in passwords; if this is the case, set nospace_pass to before (since there is a system-wide policy against spaces in passwords, testing a request as-is is not required).
Usage:
nospace_user = [before/after/no]; nospace_password = [before/after/no]
Suggestion:
nospace_user = after; nospace_password = before
@fsantaana:
And trying to see if i can get per user idle timeout instead of a Global timeout.
If you have any ideas let me know !
Idle Timeout on CP is user based as far as I know. If there isn't any traffic for that user more than idel timeout then this user gets disconnected. If the user is initiating traffic then the idle timeout will be reset and is starting counting again from beginning.
Hard Timeout on CP is user based, too but it kicks the user when time is over and user needs to reconnect. CP offers a checkbox "Enable Session-Timeout from RADIUS". You can set this individual for every user and this seems to be the same as the CP hard timeout but could be set independent so every user has a different timeout.
–- edit ---
Loweruser and lower pass seems to be out to date in freeradius 2.x - you should test this if it works or not.
Another possibility could be to use the policy.conf file of freeradius. It does the same with MAC addresses. No matter which format the NAS sends the MAC address, lowercase, uppercase, with ":" or with "-" at the end all MACs look like:
11-22-aa-bb-55-66
To check this look at this wiki:
http://wiki.freeradius.org/guide/Mac-Auth#Plain-Mac-Auth
For MAC addresses already implemented in freeradius –> settings --> "Enable Plain-MAC-Auth"
