[Openvpn-users] User ID Uniqueness and Radius Authentication
Colin Ryan
2017-04-03 16:05:00 UTC
Folks,

Using Ralf's Radius plug-ins talking to FreeRadius for OVPN authentication.

Config is as you would expect


with duplicate-cn disabled and

plugin radiusplugin.so radius.cnf
username-as-common-name

All works fine, specifically if a user tries to authenticate twice the
lack of duplicate-cn support kicks off the original session FIFO like,
as desired and expected.

However, I recently noticed that if the user uses different
capitalization in the userID then the duplicate sessions are allowed
(i.e. the CNs are considered different).


Any inputs as to where to best handle this to make userID case
insensitive? Where is this being picked up w.r.t. OVPN setting the
CN/Session handle.


* User Radius Accounting is one option obviously but I'm always nervous
about the integrity of session closures in the accounting records which
would cause grief.

* Manipulate the response from FreeRadius to force lowercase...I'm not
sure if this will solve this as I don't know where in the sequence OVPN
decides what to use as the CN

* Other ideas ;-)


Thanks all.

Colin Ryan
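
An added example, not part of the original post and not OpenVPN or radiusplugin code: a check an operator could run over the server's status file to spot concurrent sessions whose common names differ only in capitalization, the condition described in the post. It assumes the file is written with `status-version 2`; the sample lines and addresses are constructed.

```python
import csv
from collections import defaultdict

# Constructed sample in the assumed "status-version 2" layout (not real data).
SAMPLE_STATUS = """\
TITLE,OpenVPN (constructed sample)
TIME,Mon Apr  3 16:00:00 2017,1491235200
HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
CLIENT_LIST,jsmith,198.51.100.7:51820,10.8.0.6,1200,3400,Mon Apr  3 15:01:00 2017,1491231660,jsmith
CLIENT_LIST,JSmith,203.0.113.9:40112,10.8.0.10,800,900,Mon Apr  3 15:40:00 2017,1491234000,JSmith
CLIENT_LIST,akhan,198.51.100.22:61000,10.8.0.14,50,70,Mon Apr  3 15:55:00 2017,1491234900,akhan
HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
ROUTING_TABLE,10.8.0.6,jsmith,198.51.100.7:51820,Mon Apr  3 15:59:00 2017,1491235140
END
"""


def case_colliding_sessions(status_text):
    """Map each case-folded CN to its sessions, keeping only CNs that
    appear under more than one capitalization at the same time."""
    columns = None
    sessions = defaultdict(list)
    for row in csv.reader(status_text.splitlines()):
        if row[:2] == ["HEADER", "CLIENT_LIST"]:
            # Take column names from the file itself instead of fixed positions.
            columns = row[2:]
        elif row and row[0] == "CLIENT_LIST" and columns:
            rec = dict(zip(columns, row[1:]))
            cn = rec.get("Common Name", "")
            # UNDEF marks clients that have not finished authenticating.
            if cn and cn != "UNDEF":
                sessions[cn.casefold()].append((cn, rec.get("Real Address", "")))
    return {
        folded: seen
        for folded, seen in sessions.items()
        if len({cn for cn, _ in seen}) > 1
    }


if __name__ == "__main__":
    for folded, seen in case_colliding_sessions(SAMPLE_STATUS).items():
        variants = ", ".join(f"{cn} from {addr}" for cn, addr in seen)
        print(f"{folded}: concurrent sessions as {variants}")
```
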
