debug afone wrote:
Hi,
I've got a new problem when I try to authenticate a Windows Vista client with Freeradius. Vista sends to the radius a User-Name like DOMAIN\USER. When I use nt_domain_hack or the realm ntdomain, the domain disappear from the User-Name attribute.
The authentication goes on, the login/password match in LDAP database but EAP fails. Here's a trace :
rlm_ldap: user nsouleman authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 3 modcall: leaving group authorize (returns updated) for request 3 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 3 rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 3 modcall: leaving group authenticate (returns invalid) for request 3 auth: Failed to validate the user.
As you can see, ldap module returns OK but I have this message just after : rlm_eap: Identity does not match User-Name, setting from EAP Identity.
Does anybody help me ?
Thanks.
Nicolas SOULEMAN.
rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler User-Name attribute in Access-Accept packet must match EAP-Identity encoded in EAP Packets, but can be different from identity used in the EAP method. -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900