rlm_eap: Identity does not match User-Name...

Michael Patzer michael.patzer at netviewer.com
Wed Dec 12 11:06:12 CET 2007


hi,

i found the same question and also this topic already on the
mailinglist,
but no solution which works for me. i'm already debugging this thing 
the whole day, without any solution.

i'm using 802.1x with 

clients: winXP sp2 

method: EAP-MSCHAPv2

server: 2.0.0-pre1


it works all fine, as long as i'm not supply any domain-name. if i
supply
a domain-name it immediately fails with

rlm_eap: Identity does not match User-Name, setting from EAP Identity.

could anybody help me with that?

and yes, there is no entry in "users" for EAP.

thx
michael


******************
* DEBUG LOG
******************

rad_recv: Access-Request packet from host 192.168.0.240 port 1645,
id=66, length=149
        User-Name = "DOMAINXYZ\\mipa"
        Service-Type = Framed-User
        Framed-MTU = 1500
        Called-Station-Id = "00-1A-E2-D8-3D-81"
        Calling-Station-Id = "00-80-C8-39-16-92"
        EAP-Message = 0x0202001601454e54455250524953455c7061747a6572
        Message-Authenticator = 0xfe2f2b31d8a812b6338524fe5618414e
        NAS-Port-Type = Ethernet
        NAS-Port = 50001
        NAS-IP-Address = 192.168.0.240
  Processing the authorize section of radiusd.conf
modcall:  entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
  rlm_eap: EAP packet type response id 2 length 22
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
  modcall[authorize]: module "files" returns noop for request 0
perl_pool: item 0x816a2d8 asigned new request. Handled so far: 1
found interpetator at address 0x816a2d8
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 00-80-C8-39-16-92
rlm_perl: Added pair Called-Station-Id = 00-1A-E2-D8-3D-81
rlm_perl: Added pair Message-Authenticator =
0xfe2f2b31d8a812b6338524fe5618414e
rlm_perl: Added pair User-Name = DOMAINXYZ\\mipa
rlm_perl: Added pair EAP-Message =
0x0202001601454e54455250524953455c7061747a6572
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 192.168.0.240
rlm_perl: Added pair NAS-Port = 50001
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Auth-Type = EAP
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x816a2d8
  modcall[authorize]: module "perl" returns ok for request 0
  modcall[authorize]: module "expiration" returns noop for request 0
  modcall[authorize]: module "logintime" returns noop for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall:  entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
  Found Post-Auth-Type 
  Processing the post-auth section of radiusd.conf
modcall:  entering group REJECT for request 0
radius_xlat:  'DOMAINXYZ\\mipa'
 attr_filter: Matched entry DEFAULT at line 11
  modcall[post-auth]: module "attr_filter.access_reject" returns updated
for request 0
modcall: group REJECT returns updated for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 66 to 192.168.0.240 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 66 with timestamp 475edfcb
Nothing to do.  Sleeping until we see a request.





More information about the Freeradius-Users mailing list