Hallo to all,
I need a procedure to convert usernames from upper to lower letters. The
entries in the fastuser files are all in lower letters. When an
access-request comes where the username is in uppercase it has to be
converted to lowercase otherwise the authentication will fail.
In the FR version 1.x there was a config option "lower_user = before".
This isn't existent in the 2.x version anymore. I tried to achieve this
with unlang but wasn't successful. With the attribute rewrite option I
can't find a way to do this either.
Therefore my question: how can I convert the User-Name attribute from
uppercase to lowercase?
I did the following :
Radiusd.conf:
----------------------------------------------
authorize {
preprocess
eap
if ("%{User-Name}" !~ /(%{User-Name}\L)/ ) {
update request {
User-Name = `%{1}`
}
}
fastusers_voip_printer {
ok = return
}
fastusers_mac {
ok = return
}
fastusers_assigned {
ok = return
}
fastusers_all {
notfound = reject
}
}
fastusers_all:
------------------------------------------------------------------------
-
radiustest3 Auth-Type := EAP
Service-Type = Framed-User,
Tunnel-Type = VLAN,
Tunnel-Medium-Type = IEEE-802,
Tunnel-Private-Group-ID = 230,
Reply-Message = "auth.... von fastuser_all"
Radiusd -X :
------------------------------------------------------------------------
------------------
rad_recv: Access-Request packet from host 146.254.173.225 port 48125,
id=0, length=130
User-Name = "RAdiustest2"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message = 0x02000010015241646975737465737432
Message-Authenticator = 0x5093767d601db7bf8a1ba95e9200fc77
+- entering group authorize
++[preprocess] returns ok
rlm_eap: EAP packet type response id 0 length 16
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
++? if ("%{User-Name}" !~ /(%{User-Name})\L)/ )
expand: %{User-Name} -> RAdiustest2
expand: (%{User-Name})L) -> (RAdiustest2)L)
? Evaluating ("%{User-Name}" !~ /(%{User-Name})\L)/) -> TRUE
++? if ("%{User-Name}" !~ /(%{User-Name})\L)/ ) -> TRUE
++- entering if ("%{User-Name}" !~ /(%{User-Name})\L)/ )
expand: %{1} ->
Exec-Program output: Exec-Program: FAILED to execute : No such file or
directory
Exec-Program-Wait: plaintext: Exec-Program: FAILED to execute : No such
file or directory
Exec-Program: returned: 1
+++[request] returns invalid
++- if ("%{User-Name}" !~ /(%{User-Name})\L)/ ) returns invalid
Invalid user: [RAdiustest2/<via Auth-Type = EAP>] (from client radtest2
port 0 cli 02-00-00-00-00-01)
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 0 to 146.254.173.225 port 48125
Waking up in 0.9 seconds.
Cleaning up request 0 ID 0 with timestamp +5
Ready to process requests.
------------------------------------------------------------------------
-------------------------------
I'm sure I have missed something in the docs.
Is there a possible setup? I've already searched in the config examples,
docs, manpages and the mailing list archive but without luck.
Thank you in advance.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
