Well I have found the answer. In the proxy realm I've put nostrip and it is working now.



2006/5/18, wekz <fbl.list@gmail.com>:
Hello everyone,

I've configured a freeradius 1.1.1 + LDAP for eap-tls authentication with domains.

authorize {
   preprocess
   ntdomain
   ...
}

realm host {
   type = radius
   authhost = LOCAL
   accthost = LOCAL
   strip
}


This configuration gives an error:

    rlm_eap: Identity does not match User-Name, setting from EAP Identity.

When I enable with_ntdomain_hack in eap.conf it works quite well.  Could anyone tell me why it's neccesary?

The problem is that this secondary_radius do proxy when it doesn't find the user in its LDAP and the master_radius gives this error:
 
    rlm_eap: Identity does not match User-Name, setting from EAP Identity.


I've tried in master_radius the same configuration with and without ntdomain_hack and it fails.


I've been thinking of adding the realm before the secondary do proxy, so the master could treat the request as it's been local. But I don't like this too much.


Does anyone have a better idea of what to do?


Thanks.