Identity does not match User-Name, setting from EAP Identity. (Freeradius + EAP + MSCHAPv2 + NTLM + AD)

David Aldwinckle daldwinc at uwaterloo.ca
Thu Sep 10 16:50:54 CEST 2015


Thu Sep 10 15:59:41 2015 : Debug: (0) ntdomain : Looking up realm
"EA-MILANO" for User-Name = "EA-MILANO\srv_backup2"
Thu Sep 10 15:59:41 2015 : Debug: (0) ntdomain : Found realm "EA-MILANO"
Thu Sep 10 15:59:41 2015 : Debug: (0) ntdomain : Adding Realm =
"EA-MILANO"
Thu Sep 10 15:59:41 2015 : Debug: (0) ntdomain : Authentication realm is
LOCAL.

The username from the request is User-Name = "EA-MILANO\srv_backup2"

You set something different as EAP-Type-Identity: 

echo "EAP-Type-Identity = \"srv_backup2\""

Try not setting that in the request.

Dave

On Thu, 2015-09-10 at 16:20 +0200, aquilinux wrote:
> Hi all, i'm configuring RADIUS authentication against MS Active Directory.
> So far i've successfully joined the server to the domain and ntlm_auth
> works flawlessly:
> 
> */usr/bin/ntlm_auth --request-nt-key --domain=EA-MILANO
> --username=srv_backup2 --password=xxxxxxxx*
> *NT_STATUS_OK: Success (0x0)*
> 
> but i'm going nuts with freeradius.
> I've read lots of posts in mailing list and howtos about my error:
> 
> Thu Sep 10 15:05:46 2015 : Debug: (0) eap : *Identity does not match
> User-Name, setting from EAP Identity.*
> Thu Sep 10 15:05:46 2015 : Debug: (0) eap : *Failed to get handler,
> probably already removed, not inserting EAP-Failure*
> 
> but still i can't get it working.
> so here i am, asking myself the mailing-list.
> here is my debug output: http://pastebin.com/cvsfxNUA
> and here is the radeapclient request: http://pastebin.com/v4Kwzj66
> 
> thanks in advance!
> 




More information about the Freeradius-Users mailing list