Agent Smith <news8080@yahoo.com> wrote:
When a user connectes, they are presented with a login box (username, password and domain name) if they put a domain name in the domain field, radius can't authenticate them and gives that error message. when the domain field is left empty, it works fine.
You should be able to use a module before 'eap" to fix the Username.
I read some posting that talked about how you have to turn off ntdomain_hack off and I tried that, it didn't gave me that error but then the ntlm_auth failed saying 'NO SUCH USER' so my guess is that the user-name has to be exactly same as what gets sent into EAP message.
If you're using ntlm_auth, you're not using EAP-TLS. You're using EAP-PEAP, there's a difference. And the ntlm_auth program is run *only* inside of the TLS tunnel, where there's no certificate, so matching username to certificate isn't a problem.
has anyone else ran into this? any ideas on how to fix it?
Run the server in debugging mode and post the results to the list. Odds are there's a simple way to do what you want. Alan DeKok.