User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2 error
Hi; We upgraded our radius to Freeradius 2.1.10 version on Ubuntu 32bit from an old version Our problem is windows xp clients cant login to wireless and radius has "User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2" error mesages At the old version freeradius at exactly same configuration clients had not any problem realm ntdomain { format = prefix delimiter = "\\" ignore_default = no ignore_null = no } authtype = MS-CHAP with_ntdomain_hack =yes You can find debug log export at below What we need to do ? BR Gokhan User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0201001101676f6b68616e67756e796f6c Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x50f0ec9d540b9d5e24090ea7de41963a # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 1 length 17 [eap] No EAP Start, assuming it's an on-going EAP conversation ++[eap] returns updated ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] EAP Identity [eap] processing type tls [tls] Initiate [tls] Start returned 1 ++[eap] returns handled Sending Access-Challenge of id 154 to 10.200.0.2 port 32795 EAP-Message = 0x010200061920 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51005d77e23351c7d723e9be1 Finished request 272. Going to the next request rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=137, length=297 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x0202005719800000004d160301004801000044030150923dd861119125fc2259c6b0bc6056 daa0fbf2c9a746654b172f25019442cd00001600040005000a00090064006200030006001300 12006301000005ff01000100 State = 0x1007cea51005d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x711e835734fabd4577390bed80cf0722 # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 2 length 87 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 77 [peap] Length Included [peap] eaptls_verify returned 11 [peap] (other): before/accept initialization [peap] TLS_accept: before/accept initialization [peap] <<< TLS 1.0 Handshake [length 0048], ClientHello [peap] TLS_accept: SSLv3 read client hello A [peap] >>> TLS 1.0 Handshake [length 0031], ServerHello [peap] TLS_accept: SSLv3 write server hello A [peap] >>> TLS 1.0 Handshake [length 07af], Certificate [peap] TLS_accept: SSLv3 write certificate A [peap] >>> TLS 1.0 Handshake [length 0004], ServerHelloDone [peap] TLS_accept: SSLv3 write server done A [peap] TLS_accept: SSLv3 flush data [peap] TLS_accept: Need to read more data: SSLv3 read client certificate A In SSL Handshake Phase In SSL Accept mode [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 137 to 10.200.0.2 port 32795 EAP-Message = 0x0103040019c0000007f316030100310200002d030150923de9c2b9bb8cd34ef049ee8297b8 d2c2431864dd9f472838bcbf6c1279cf000004000005ff0100010016030107af0b0007ab0007 a80003e8308203e43082034da003020102020200b9300d06092a864886f70d01010505003081 9f310b30090603550406130254523111300f06035504071308497374616e62756c311b301906 0355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e66 6f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e697665 72736974793127302506092a864886f70d010901161873797361 EAP-Message = 0x646d696e40736162616e6369756e69762e656475301e170d3132303531303130333233355a 170d3135303531303130333233355a30819f310b30090603550406130254523111300f060355 04071308497374616e62756c311b3019060355040a1312536162616e636920556e6976657273 697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b3019060355 040313125261646975732041757468205365727665723127302506092a864886f70d01090116 1873797361646d696e40736162616e6369756e69762e65647530819f300d06092a864886f70d 010101050003818d0030818902818100a868d32fea2097c26fc7 EAP-Message = 0x06c909e04dffea3289404adeca30535091e4e2b65a36ee9adfe02002bde974063907877737 74e2ef394cef6e918710c7010ce82e41bc97211b8ab3b109377bcee92e67133965afb7e48c4b 2dc1a0e224c721b63b2584c6d16b5a64c4a8f183062baac5d87fdb2250372a4b3fc75f2c3a42 0ec29a5cb90203010001a382012b3082012730090603551d1304023000302c06096086480186 f842010d041f161d4f70656e53534c2047656e65726174656420436572746966696361746530 1d0603551d0e04160414a34c94bbb730604678cc372d518bbbbbe1c43e3a3081cc0603551d23 0481c43081c18014c6c1f74047266b05e67daee7263acf804303 EAP-Message = 0xbd0aa181a5a481a230819f310b30090603550406130254523111300f060355040713084973 74616e62756c311b3019060355040a1312536162616e636920556e6976657273697479311a30 18060355040b1311496e666f726d6174696f6e20546563682e311b3019060355040313125361 62616e636920556e69766572736974793127302506092a864886f70d01090116187379736164 6d696e40736162616e6369756e69762e656475820100300d06092a864886f70d010105050003 8181003b55627e878b84bbfc142e852404b1f5c0d0866cb76d1cd12ce1c45bcc36c2492f4f4b fe4af1b175e79ab4f3eb915085c9e50afd756a44dc758d4d56f4 EAP-Message = 0xff14f1d23ad3d94011923725 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51104d77e23351c7d723e9be1 Finished request 273. Going to the next request Cleaning up request 258 ID 63 with timestamp +759 rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=222, length=216 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020300061900 State = 0x1007cea51104d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0xaedcfb0ad4ddd446ffbad960996ff1fe # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 3 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 222 to 10.200.0.2 port 32795 EAP-Message = 0x010403fc1940aa154b4beb99b0651d518b10cde973766e445b091bfdb89d709d3d36d3efcf a451eafe08fa690edc4b432017567af20d482218484a45bf0003ba308203b63082031fa00302 0102020100300d06092a864886f70d010104050030819f310b30090603550406130254523111 300f06035504071308497374616e62756c311b3019060355040a1312536162616e636920556e 6976657273697479311a3018060355040b1311496e666f726d6174696f6e20546563682e311b 301906035504031312536162616e636920556e69766572736974793127302506092a864886f7 0d010901161873797361646d696e40736162616e6369756e6976 EAP-Message = 0x2e656475301e170d3033303331393038343032305a170d3133303331363038343032305a30 819f310b30090603550406130254523111300f06035504071308497374616e62756c311b3019 060355040a1312536162616e636920556e6976657273697479311a3018060355040b1311496e 666f726d6174696f6e20546563682e311b301906035504031312536162616e636920556e6976 6572736974793127302506092a864886f70d010901161873797361646d696e40736162616e63 69756e69762e65647530819f300d06092a864886f70d010101050003818d0030818902818100 b4d46775b459661c4ba537e81197a67c18ab969ba96fb2ad2a7e EAP-Message = 0x0f5a8de0ae0d8b564b1269b32de256c8a526139934887adf8c5d1886da51c3d92ecbb91c01 b07ca4cbae2d4d5edf5962133790fc813ad092478d304e4b5344d63bf2af0607bb3d8de02522 dadb62b8972928232ba581d7a047a1c9187eb4c5549a56f3780b6d0203010001a381ff3081fc 301d0603551d0e04160414c6c1f74047266b05e67daee7263acf804303bd0a3081cc0603551d 230481c43081c18014c6c1f74047266b05e67daee7263acf804303bd0aa181a5a481a230819f 310b30090603550406130254523111300f06035504071308497374616e62756c311b30190603 55040a1312536162616e636920556e6976657273697479311a30 EAP-Message = 0x18060355040b1311496e666f726d6174696f6e20546563682e311b30190603550403131253 6162616e636920556e69766572736974793127302506092a864886f70d010901161873797361 646d696e40736162616e6369756e69762e656475820100300c0603551d13040530030101ff30 0d06092a864886f70d010104050003818100146ceba80178d651a8a31c3e9c0cc9a00f0a4ff1 885f2513befb08f252b0cfcda3db78b749e97c2b81293febd5327166c40d9a1fc660e006b041 be67976381b6610dd938cd1c4dd57bbec9a3f0cf95fce609392ea17400c24acc4dd9c8c1b962 818d9d2ee0081f868984a5b472d757746af53244cffc6c46f741 EAP-Message = 0x939a3cb53a961603 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51203d77e23351c7d723e9be1 Finished request 274. Going to the next request Cleaning up request 259 ID 58 with timestamp +759 rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=4, length=216 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020400061900 State = 0x1007cea51203d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x66ee7c8a6e9f1922ad84549e4bd66bb6 # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 4 length 6 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS [peap] Received TLS ACK [peap] ACK handshake fragment handler [peap] eaptls_verify returned 1 [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 4 to 10.200.0.2 port 32795 EAP-Message = 0x0105000d19000100040e000000 Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51302d77e23351c7d723e9be1 Finished request 275. Going to the next request rad_recv: Access-Request packet from host 10.200.0.2 port 32795, id=23, length=402 User-Name = "testuser" NAS-IP-Address = 10.200.0.2 NAS-Port = 0 NAS-Identifier = "10.200.0.2" NAS-Port-Type = Wireless-802.11 Calling-Station-Id = "001644EF420B" Called-Station-Id = "000B8661DFC4" Service-Type = Login-User Framed-MTU = 1100 EAP-Message = 0x020500c01980000000b61603010086100000820080700e1be39859332693d138b13d7e28ea b48a5f87e939eeb5d0978da9efd0957c2df909e3bcc53330e00981b44ca7eea794e28607d996 80c38bfb6886d6d3f689e4b8e2251eb9fed2f9747f905c664b4d39ced29c4e8eaa87c4479ebe 30a0c817b52eb0e1c6ebe80a3c8adc3c51352752803f9f15746bfef8bba5724e5d475f5d1403 01000101160301002067324c95356ea8cec4f757f37caa1e0bad62558c0e9372b33e9ac4f238 1bbcf6 State = 0x1007cea51302d77e23351c7d723e9be1 Aruba-Essid-Name = "sunet-staff-wpa2" Aruba-Location-Id = "BM_IT_Net_Sys_3c:02" Aruba-Attr-10 = 0x424d5f62696e617369 Message-Authenticator = 0x280d05f5afa8df8132594e3046573b8e # Executing section authorize from file /etc/freeradius/radiusd.conf +- entering group authorize {...} [yenimac] expand: - -> - yenimac: Does not match: Calling-Station-Id = 001644EF420B yenimac: Could not find value pair for attribute Calling-Station-Id ++[yenimac] returns ok [eap] EAP packet type response id 5 length 192 [eap] Continuing tunnel setup. ++[eap] returns ok ++[mschap] returns noop [ldap] performing user authorization for testuser [ldap] expand: (uid=%{mschap:User-Name:-%{User-Name}}) -> (uid=testuser) [ldap] expand: o=univ.edu -> o=univ.edu [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] performing search in o=univ.edu, with filter (uid=testuser) [ldap] Added User-Password = 0865B10841F6433200C02B4E4A9F468C in check items [ldap] No default NMAS login sequence [ldap] looking for check items in directory... [ldap] userPassword -> Password-With-Header == "{crypt}zhKZaHH/0ZNmo" [ldap] sambaNtPassword -> NT-Password == 0x3038363542313038343146363433333230304330324234453441394634363843 [ldap] sambaLmPassword -> LM-Password == 0x4643463937353144304431313932343636353044374443444545353833383737 [ldap] radiusAuthType -> Auth-Type == EAP [ldap] looking for reply items in directory... [ldap] user testuser authorized to use remote access [ldap] ldap_release_conn: Release Id: 0 ++[ldap] returns ok Found Auth-Type = EAP !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Replacing User-Password in config items with Cleartext-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! !!! Please update your configuration so that the "known good" !!! !!! clear text password is in Cleartext-Password, and not in User-Password. !!! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! !!! # Executing group from file /etc/freeradius/radiusd.conf +- entering group authenticate {...} [eap] Request found, released from the list [eap] EAP/peap [eap] processing type peap [peap] processing EAP-TLS TLS Length 182 [peap] Length Included [peap] eaptls_verify returned 11 [peap] <<< TLS 1.0 Handshake [length 0086], ClientKeyExchange [peap] TLS_accept: SSLv3 read client key exchange A [peap] <<< TLS 1.0 ChangeCipherSpec [length 0001] [peap] <<< TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 read finished A [peap] >>> TLS 1.0 ChangeCipherSpec [length 0001] [peap] TLS_accept: SSLv3 write change cipher spec A [peap] >>> TLS 1.0 Handshake [length 0010], Finished [peap] TLS_accept: SSLv3 write finished A [peap] TLS_accept: SSLv3 flush data [peap] (other): SSL negotiation finished successfully SSL Connection Established [peap] eaptls_process returned 13 [peap] EAPTLS_HANDLED ++[eap] returns handled Sending Access-Challenge of id 23 to 10.200.0.2 port 32795 EAP-Message = 0x01060031190014030100010116030100201137f7a6559497aeecf8db8a0dafbbc6f6a4014c 362fb22f123f439db04ae04f Message-Authenticator = 0x00000000000000000000000000000000 State = 0x1007cea51401d77e23351c7d723e9be1 Finished request 276.
On 01/11/12 11:22, Gokhan Gunyol wrote:
Hi;
We upgraded our radius to Freeradius 2.1.10 version on Ubuntu 32bit from an old version
Which old version.
Our problem is windows xp clients cant login to wireless and radius has “User-Name (machine\user) is not the same as MS-CHAP Name (user) from EAP-MSCHAPv2” error mesages
Ok.
At the old version freeradius atexactly same configuration clients had not any problem
The mschap code has had some changes over the years. This might be one of them.
You can find debug log export at below
This is an incomplete debug. It doesn't show the error message you refer to. Where is it?
participants (2)
-
Gokhan Gunyol -
Phil Mayers