Hello Alexey -

On Fri, 17 Nov 2000, Alexey A. Shavaldin wrote:
> Hello !
> 
> I have experienced a problem with simultaneous logins of such a case.
> I have global RewriteUsername defined in my radius.cfg:
> 
> RewriteUsername tr/[A-Z]/[a-z]/
> RewriteUsername s/^(.*)\/(.*)/$2/
> RewriteUsername s/^(.*)\\(.*)/$2/
> RewriteUsername tr/A-Za-z0-9_@,\\\ \.\-/\*/c
> 
> Simultaneous login limits work OK for users who enter their usernames in low 
> register, but not for users who try to mix upper and lower register symbols. 
> Their Access-Requests are accepted everywhere. Here is part of my trace4 log:
> 

This is really a business policy issue, rather than a technical Radiator issue.

You have two opposing views being expressed:

1. do you allow "naive" users to misspell their login names and still be
accepted?

2. do you forbid "clever" users from abusing multiple use limits?

You have to decide which policy to implement - you can't do both.

As to checking simultaneous use - the problem is that the NAS keeps the
username string that was entered by the user, so the session database also
needs to keep that string to be able to query the NAS.

In this case (and others as discussed on the list) I tend towards the strict
view, that simply rejects unacceptable login attempts.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
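
The mismatch discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: the four RewriteUsername rules are re-expressed in Python, and active sessions are counted first by the raw string the NAS holds, then by the rewritten name. The session list, the function names and the reading of the "strict view" as "accept only names already in rewritten form" are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Characters the last rule keeps; everything else becomes "*".
_NOT_ALLOWED = re.compile(r"[^A-Za-z0-9_@,\\ .\-]")

def rewrite_username(name):
    """Python rendering of the four RewriteUsername rules quoted above."""
    name = name.lower()                                  # tr/[A-Z]/[a-z]/
    name = re.sub(r"^(.*)/(.*)", r"\2", name, count=1)   # s/^(.*)\/(.*)/$2/
    name = re.sub(r"^(.*)\\(.*)", r"\2", name, count=1)  # s/^(.*)\\(.*)/$2/
    return _NOT_ALLOWED.sub("*", name)                   # tr/.../\*/c

def over_limit(sessions, limit, canonical):
    """Return {key: [raw names]} for keys holding more than `limit` sessions.

    sessions: User-Name strings of active sessions, as the NAS reported them.
    canonical=False groups by the raw string (the situation in the thread);
    canonical=True groups by the rewritten name.
    """
    groups = defaultdict(list)
    for raw in sessions:
        key = rewrite_username(raw) if canonical else raw
        groups[key].append(raw)
    return {k: v for k, v in groups.items() if len(v) > limit}

def strict_accept(name):
    """Assumed strict policy: accept only names already in rewritten form."""
    return name == rewrite_username(name)

# Constructed sample: active sessions keyed by the string typed at login.
ACTIVE = ["alice", "Alice", "ALICE", "bob", "CORP\\carol", "carol"]

if __name__ == "__main__":
    # Raw grouping sees six different users, so nobody exceeds a limit of 1.
    print("raw grouping:      ", over_limit(ACTIVE, 1, canonical=False))
    # Canonical grouping shows which accounts hold several sessions.
    print("canonical grouping:", over_limit(ACTIVE, 1, canonical=True))
    print("strict accepts:    ", [n for n in ACTIVE if strict_accept(n)])
```

Running the canonical grouping over an accounting or session table is a quick audit for accounts that already hold more sessions than the limit allows.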


