Folks, Using Ralf's Radius plug-ins talking to FreeRadius for OVPN authentication.
Config is as would expect with duplicate-cn disabled and plugin radiusplugin.so radius.cnf username-as-common-name All works fine, specifically if a user tries to authenticate twice the lack of duplicate-cn support kicks off the original session FIFO like, as desired and expected. However I recently noticed that if the user uses different capitalization in the userID then the duplicate sessions are allowed (i.e. the CN's are considered different) Any inputs as to where to best handle this to make userID case insensitive? Where is this being picked up w.r.t. OVPN setting the CN/Session handle. * User Radius Accounting is one option obviously but I'm always nervous about the integrity of session closures in the accounting records which would cause grief. * Manipulate the response from FreeRadius to force lowercase...I'm not sure if this will solve this as I don't know where in the sequence OVPN decides what to use as the CN * Other ideas ;-) Thanks all. Colin Ryan ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ Openvpn-users mailing list Openvpn-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-users
