<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
</head>
<body dir="auto">
<div>When this occurs, do you get something in your log that tells you that this is the reason for the auth failure?</div>
<div><br>
</div>
<div>Also, isn't inner anonymity one of the permitted benefits of the federated EAP structure used by eduroam? That is, guests are permitted to hide their real user IDs while not at "home"?<br>
<br>
Sent from my mobile device.</div>
<div><br>
On Feb 11, 2014, at 8:52, "inverse" <<a href="mailto:inverse@ngi.it">inverse@ngi.it</a>> wrote:<br>
<br>
</div>
<blockquote type="cite">
<div>
<div dir="ltr">The "eap_custom" module seems responsible for this behaviour so you should look into its config, curiously enough I've found no traces of it in my freeradius 2.2.3
<br>
<div>
<div><br>
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Request found, released from the list<br>
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Identity does not match User-Name. Authentication failed.<br>
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Failed in handler
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra">However I consider this a feature, not a bug. In fact as a local policy for eduroam I've placed this in the inner-tunnel 's post-auth section:<br>
<br>
if ( "%{outer.request:User-Name}" != "%{User-Name}" ){ <br>
reject <br>
} <br>
<br>
<br>
</div>
<div class="gmail_extra">which does exactly that. If you see something along these lines, you've found the source of your problems<br>
<br>
<br>
<br>
</div>
<div class="gmail_extra">Best regards,<br>
<br>
Inverse<br>
<br>
</div>
<div class="gmail_extra"><br>
<br>
</div>
<div class="gmail_extra"><br>
</div>
<div class="gmail_extra"><br>
<div class="gmail_quote">On Tue, Feb 11, 2014 at 2:45 PM, douglas eseng <span dir="ltr">
<<a href="mailto:douglas.eseng@gmail.com" target="_blank">douglas.eseng@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div>
<div>
<div>
<div>
<div>Encountered the following issue.<br>
</div>
<br>
</div>
Running FR 2.2.3. PEAP tunneled authentication was successful. But get rejected due to username mismatch. No issue when both username are the same.<br>
</div>
</div>
</div>
</div>
<br>
</blockquote>
</div>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<blockquote type="cite">
<div><span>-</span><br>
<span>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html">
http://www.freeradius.org/list/users.html</a></span></div>
</blockquote>
</body>
</html>