<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "><span style="background-color: transparent; ">Here is the failure trace for this user: </span><span style="background-color: transparent; "> domain1\user1 Cleartext-Password := "pass1":</span><br></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 16px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal; ">The backslash leads the code to think it's System auth_type when in fact it's PAP.</div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 16px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal; "><span><br></span></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 16px;
color: rgb(0, 0, 0); background-color: transparent; font-style: normal; "><span><br></span></div><div style="background-color: transparent; "><span><div style="background-color: transparent; ">Ready to process requests.</div><div style="background-color: transparent; ">rad_recv: Access-Request packet from host 127.0.0.1:63550, id=1, length=58</div><div style="background-color: transparent; "> User-Name = "domain1\\user1"</div><div style="background-color: transparent; "> User-Password = "pass1"</div><div style="background-color: transparent; "> Processing the authorize section of radiusd.conf</div><div style="background-color: transparent; ">modcall: entering group authorize for request 0</div><div style="background-color: transparent; "> modcall[authorize]: module "preprocess" returns ok for request 0</div><div style="background-color: transparent; ">radius_xlat:
'../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log</div><div style="background-color: transparent; ">rlm_detail: ../var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m</div><div style="background-color: transparent; ">g expands to ../var/log/radius/radacct/127.0.0.1/auth-detail-20120926.log</div><div style="background-color: transparent; "> modcall[authorize]: module "auth_log" returns ok for request 0</div><div style="background-color: transparent; "> modcall[authorize]: module "chap" returns noop for request 0</div><div style="background-color: transparent; "> modcall[authorize]: module "mschap" returns noop for request 0</div><div style="background-color: transparent; "> rlm_realm: No '@' in User-Name = "<span style="background-color: transparent; ">domain1\\user1</span><span style="background-color: transparent; ">", looking up realm</span></div><div style="background-color: transparent;
"><br></div><div style="background-color: transparent; "> rlm_realm: No such realm "NULL"</div><div style="background-color: transparent; "> modcall[authorize]: module "suffix" returns noop for request 0</div><div style="background-color: transparent; "> rlm_eap: No EAP-Message, not doing EAP</div><div style="background-color: transparent; "> modcall[authorize]: module "eap" returns noop for request 0</div><div style="background-color: transparent; "> users: Matched entry DEFAULT at line 171</div><div style="background-color: transparent; "> modcall[authorize]: module "files" returns ok for request 0</div><div style="background-color: transparent; ">rlm_pap: WARNING! No "known good" password found for the user. Authenticat</div><div style="background-color: transparent; ">ay fail because of this.</div><div style="background-color: transparent; "> modcall[authorize]: module "pap" returns noop
for request 0</div><div style="background-color: transparent; ">modcall: leaving group authorize (returns ok) for request 0</div><div style="background-color: transparent; "> rad_check_password: Found Auth-Type System</div><div style="background-color: transparent; ">auth: type "System"</div><div style="background-color: transparent; "> ERROR: Unknown value specified for Auth-Type. Cannot perform requested a</div><div style="background-color: transparent; ">.</div><div style="background-color: transparent; ">auth: Failed to validate the user.</div><div style="background-color: transparent; ">Login incorrect: [<span style="background-color: transparent; ">domain1\\user1</span><span style="background-color: transparent; ">/pass1] (from client localhost port 0)</span></div></span></div><div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "><br></div><div style="font-family: 'times new roman', 'new
york', times, serif; font-size: 16px; color: rgb(0, 0, 0); background-color: transparent; font-style: normal; "><br></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> Crne We <crnewe@yahoo.com><br> <b><span style="font-weight: bold;">To:</span></b> alan buxey <A.L.M.Buxey@lboro.ac.uk>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> <br> <b><span style="font-weight: bold;">Sent:</span></b> Wednesday, September 26, 2012 12:07 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> Re: handling win domain name in username<br> </font> </div> <br>
<meta http-equiv="x-dns-prefetch-control" content="off"><div id="yiv177887802"><div><div style="color: rgb(0, 0, 0); background-color: rgb(255, 255, 255); font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "><div><span>The user name in LDAP is of the form domainname\username. I wanted to configure the same username in the freeradius as well but different password than LDAP. Authentication fails on the Radius side with this kind of username. If freeradius doesn;t care, not sure why it fails for such usernames.</span></div><div><br></div> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "> <div style="font-family: 'times new roman', 'new york', times, serif; font-size: 12pt; "> <div dir="ltr"> <font size="2" face="Arial"> <hr size="1"> <b><span style="font-weight:bold;">From:</span></b> alan buxey <A.L.M.Buxey@lboro.ac.uk><br> <b><span style="font-weight:bold;">To:</span></b> Crne We
<crnewe@yahoo.com>; FreeRadius users mailing list <freeradius-users@lists.freeradius.org> <br>
<b><span style="font-weight:bold;">Sent:</span></b> Wednesday, September 26, 2012 1:07 AM<br> <b><span style="font-weight:bold;">Subject:</span></b> Re: handling win domain name in username<br> </font> </div> <br>
Hi,<br>> Environmnet: Freeradius with PAP on Windows<br>> Username: domain\user1<br>> password: *******<br>> Looks like the Freeradius doesn't seem to like the windows domain name as<br>> part of username?<br><br>FreeRADIUS doesnt care. your chosen authentication method cares. if you dont want that 'domain'<br>to appear then use the prefix module and ensure you have that domain listed in proxy.conf eg<br><br>domain {<br>}<br><br>alan<br><br><br> </div> </div> </div></div></div><meta http-equiv="x-dns-prefetch-control" content="on"><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank">http://www.freeradius.org/list/users.html</a><br><br> </div> </div>
</div></body></html>