[RADIATOR] UsernameBlacklist.txt And case sensitivity

Hugh Irvine hugh at open.com.au
Tue Feb 5 14:57:28 CST 2013 

Hello John -

A more flexible approach is like this:


# users file (NB - the *last* DEFAULT is Accept)

DEFAULT  User-Name = /^brian$/i  Auth-Type = Reject

DEFAULT User-Name = /^sammy$/i Auth-Type = Reject

…..

DEFAULT Auth-Type = Accept


and in the configuration file:

<Handler …..>

	AuthByPolicy ContinueWhileAccept

	<AuthBy FILE>
		NoEAP
		Filename %D/UsernameBlacklist.txt
	</AuthBy>

	<AuthBy ….>
		…..
	</AuthBy>

	…..

</Handler>


hth

Hugh


On 6 Feb 2013, at 06:03, John Goubeaux <goubeaux at education.ucsb.edu> wrote:

> Folks,
> 
> I am using the below <AuthBy FILE> directive in my config file to do a Username Check in order to BlackList users whose accounts have been flagged , in this case for DMCA complaints. The syntax of the deny statement in the file called is:
> 
> brian           Auth-Type = Reject              # DMCA Complaint 22269368039 added on 1/25/13 DoNot remove jg
> 
> 
>  
> 
> <AuthBy FILE>
>                 NoEAP
>                 AcceptIfMissing
>                 Filename /etc/radiator/UsernameBlacklist.txt
>         </AuthBy>
> 
> My Question is: I need to  cover cases where a user changes the case of their login, eg in the above case the user used "Brian" instead of "brian" and got authenticated.
> 
> What is the best way to cover this situation,  eg lowercase all logins.  I found  RewriteUsername         tr/A-Z/a-z/  as possibly one example to add to the config file ?
> 
> 
> Thanks    -john
> 
> -- 
> 
> John Goubeaux
> Systems Administrator
> Gevirtz Graduate School of Education
> UC Santa Barbara
> Education 4203C
> 805 893-8190
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. 
Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.

More information about the radiator mailing list