Robert Canary <[EMAIL PROTECTED]> wrote:
> Now let's say I try to dial in (using portslave here in this case).  I
> mistype the username as *R*canary instead of *r*canary.
> The RAS is case sensitive.  However, radius is allowing the Rcanary and
> rcanary.

  So run the server in debugging mode, to see which parts of which
configuration files are being used... look at those configuration
files to see what's going on.

  Incidentally, the user name comparison in the 'users' file and in
rlm_sql is case sensitive.

>  This results with the user being logged in as "canary" because
> portslave will drop the "R".

  So configure portslave to NOT drop the "R"...

> If I have two usernames which differ only by the first letter (rcanary
> and canary) if rcanary user logs in with a capital letter then they will
> be granted access to the other users files.

  So fix your configuration to not do that...

> Other than trying to control username similarity when usernames are
> created, anyone have an idea how to control this?
>
> PS. Since this involves PortSlave and freeradius and a security
> problem, I double-posted this on both mailing lists.

  You've either misconfigured portslave, or radiusd.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
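The failure mode in this thread is two usernames (rcanary and canary) that collapse into one account once the dial-in path normalizes the name. The script below is an added example for auditing a username list for that kind of collision; it is not part of the thread and not FreeRADIUS or portslave code. It reads usernames from a constructed snippet in the layout of a FreeRADIUS 'users' file (entry name at column 0, reply items indented) and reports groups of distinct names that become identical under case folding and under a hypothetical "drop a leading capital letter" rule modelled on the behaviour Robert reports.

```python
"""Audit a username list for collisions under lossy normalization (added example)."""
from collections import defaultdict

# Constructed sample in the layout of a FreeRADIUS 'users' file: an entry
# starts at column 0 with the username; indented lines are reply items.
# Passwords are placeholders, not real credentials.
SAMPLE_USERS_FILE = """\
# constructed sample, not a real configuration
rcanary  Cleartext-Password := "placeholder1"
        Framed-Protocol = PPP

canary   Cleartext-Password := "placeholder2"
        Framed-Protocol = PPP

Rcanary  Cleartext-Password := "placeholder3"

alice    Cleartext-Password := "placeholder4"
"""


def usernames_from_users_file(text):
    """Return the usernames of top-level entries: the first token of every
    non-empty, non-indented, non-comment line."""
    names = []
    for line in text.splitlines():
        if not line or line[0].isspace() or line.lstrip().startswith("#"):
            continue
        names.append(line.split()[0])
    return names


def fold_case(name):
    """Case-insensitive comparison key (the check Alan says the 'users' file
    and rlm_sql do NOT apply; useful to see what a case-insensitive RAS sees)."""
    return name.casefold()


def drop_leading_capital(name):
    """Hypothetical model of the behaviour reported in the thread: a leading
    upper-case letter is dropped, so 'Rcanary' becomes 'canary'."""
    if name and name[0].isupper():
        return name[1:]
    return name


def find_collisions(names, normalizer):
    """Group distinct usernames that map to the same normalized form.
    Returns {normalized_form: sorted list of colliding original names}."""
    groups = defaultdict(set)
    for n in names:
        groups[normalizer(n)].add(n)
    return {k: sorted(v) for k, v in groups.items() if len(v) > 1}


def audit(text):
    """Run both normalizations over the entries of a users-file text."""
    names = usernames_from_users_file(text)
    return {
        "case_fold": find_collisions(names, fold_case),
        "drop_leading_capital": find_collisions(names, drop_leading_capital),
    }


if __name__ == "__main__":
    for rule, hits in audit(SAMPLE_USERS_FILE).items():
        print(rule, hits or "no collisions")
```

Run against a real 'users' file (or a username dump from the SQL table rlm_sql reads) to list the pairs that would need renaming; any group reported under the second rule is exactly the rcanary/canary situation the thread describes, and the fix remains the one Alan gives: stop portslave from altering the name rather than relying on uniqueness of the remaining characters.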
