• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Radius user name case sensitive sensitivity

Scheduled Pinned Locked Moved pfSense Packages
5 Posts 2 Posters 6.8k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • A
    arriflex
    last edited by Apr 21, 2013, 4:43 PM Apr 20, 2013, 5:35 PM

    I cannot find someplace in the FreeRADIUS interface to turn off case sensitive usernames. Currently I am using radius for the pfSense captive portal on to authenticate indefinitely apartment tenants in a a building networked with UniFi AP's. Everything is working basically as expected but the users themselves often try various capitalization schemes with their usernames when authenticating through the CP.

    I think I found a variable "case_sensitive = yes/no" that can be modified in the radiusd.conf file. My concern is that if I modify that file (I assume I can figure out how to do it through the shell) will it remain intact through GUI modifications subsequently? Does it even work if set to "no"?

    arri

    pfSense on Alix:
    2.0.3-PRERELEASE (i386) built on Wed Feb 13 12:43:57 EST 2013
    FreeBSD 8.1-RELEASE-p13

    FreeRadius2 version: 2.1.12_1 pkg v1.6.6_4

    1 Reply Last reply Reply Quote 0
    • N
      Nachtfalke
      last edited by Apr 20, 2013, 7:01 PM

      @arriflex:

      I cannot find someplace in the FreeRADIUS interface to turn off case sensitive usernames. Currently I am using radius for the pfSense captive portal on 2.0.3-PRERELEASE (i386) built on Wed Feb 13 12:43:57 EST 2013 FreeBSD 8.1-RELEASE-p13 to authenticate indefinitely apartment tenants in a a building networked with UniFi AP's. Everything is working basically as expected but the users themselves often try various capitalization schemes with their usernames when authenticating through the CP.

      I think I found a variable "case_sensitive = yes/no" that can be modified in the radiusd.conf file. My concern is that if I modify that file (I assume I can figure out how to do it through the shell) will it remain intact through GUI modifications subsequently? Does it even work if set to "no"?

      arri

      The problem will be that the option "lower_user = yes" is deprecated in freeradius 2.x It was only valid in 1.x
      I was searching for such a solution some months ago but I could not remember any good solution. If you find one please let me know.

      1 Reply Last reply Reply Quote 0
      • A
        arriflex
        last edited by Apr 21, 2013, 4:38 PM

        Good to know, thank you. I'll report back if I figure something out for the radius configuration that is sustainable.

        My big issue is that I found most touch based devices were auto-capitalizing the username from the CP so I gave tenants User## for their username. Unfortunately their laptops are not doing that and boy howdy does it cause a lot of confusion. There really aren't so many users that I can't just do it by hand, but it could become a management nightmare later.

        While I'm at it, I need to figure out a decent security but easier to input password for them as the form 12345-67890 is not making it from their lease paperwork to their devices appropriately!

        arri

        1 Reply Last reply Reply Quote 0
        • N
          Nachtfalke
          last edited by Apr 21, 2013, 5:00 PM

          a way to do that could be "unlage" - the radius scriptng language. Perhaps some code on the default server in the pre-auth section which transforms the letters.

          This could be something which is "easy" to implement on code and GUI but would be only possible for all authentication processes and not for separate usernames. But I don't think this would be a big problem.

          http://freeradius.org/radiusd/man/unlang.html
          I think of the possibility to "update" an request and the "User-Name" and then do some regex and replace all capitalized letters with small letters.

          1 Reply Last reply Reply Quote 0
          • N
            Nachtfalke
            last edited by Apr 24, 2013, 6:23 PM

            There is some dialogue on freeradius mailing lists:
            http://lists.freeradius.org/pipermail/freeradius-users/2013-April/066212.html

            Alan Dekok is one of the developers of freeradius. He is an absolute expert in freeradius but - in my opinion - he is not very polite when posting on the list.

            As far as I understand him you could add something like the following in "../raddb/policy.conf"

            
            if (User-Password) {
            	update request {
            		User-Password := "%{tolower:%{User-Password}}"
            	}
            }
            
            

            Perhaps you cann follow this conversation and test and if you found a solution post it here that we can implement this into GUI.

            1 Reply Last reply Reply Quote 0
            1 out of 5
            • First post
              1/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received