Hi,
Is there any way to see the request the client is sending the server?
err, yes - you posted it - its in the debug output!
User-Name = "Aviator" NAS-IP-Address = 10.0.0.4 NAS-Port = 0 Message-Authenticator = 0xe601d87c9065c214eb5461f06cf2c55b MS-CHAP-Challenge = 0xd2f6a4ad2ddb942b MS-CHAP-Response = 0x00010000000000000000000000000000000000000000000000007da48d7397f9b0eebf6182b70846bd09671dd019baa4eea8
and the reject is caused by this:
++policy filter_username { +++? if (User-Name =~ / /) ? Evaluating (User-Name =~ / /) -> FALSE +++? if (User-Name =~ / /) -> FALSE +++? if (User-Name =~ /@.*@/ ) ? Evaluating (User-Name =~ /@.*@/) -> FALSE +++? if (User-Name =~ /@.*@/ ) -> FALSE +++? if (User-Name =~ /\\.\\./ ) ? Evaluating (User-Name =~ /\\.\\./) -> FALSE +++? if (User-Name =~ /\\.\\./ ) -> FALSE +++? if (User-Name !~ /@(.+)\\.(.+)$/) ? Evaluating (User-Name !~ /@(.+)\\.(.+)$/) -> TRUE +++? if (User-Name !~ /@(.+)\\.(.+)$/) -> TRUE +++if (User-Name !~ /@(.+)\\.(.+)$/) { ++++update reply { ++++} # update reply = noop ++++[reject] = reject
this policy is looking for an "@" to be present...which is isnt in the username "Aviator" - so if you dont need such a policy, then edit the default virtual server to comment out the filter_username policy or edit the policy. alan