rlm_eap: identity does not match User-Name, setting from EAP identity

Alan DeKok aland at ox.org
Fri Mar 17 18:35:09 CET 2006


Agent Smith <news8080 at yahoo.com> wrote:
> When a user connects, they are presented with a login
> box (username, password and domain name). If they put a
> domain name in the domain field, radius can't
> authenticate them and gives that error message. When
> the domain field is left empty, it works fine.

  You should be able to use a module before 'eap' to fix the Username.

> I read some postings that talked about how you have to
> turn ntdomain_hack off and I tried that, it didn't
> give me that error but then the ntlm_auth failed
> saying 'NO SUCH USER' so my guess is that the
> user-name has to be exactly the same as what gets sent
> into the EAP message.

  If you're using ntlm_auth, you're not using EAP-TLS.  You're using
EAP-PEAP, there's a difference.

  And the ntlm_auth program is run *only* inside of the TLS tunnel,
where there's no certificate, so matching username to certificate
isn't a problem.

> Has anyone else run into this? Any ideas on how to fix
> it?

  Run the server in debugging mode and post the results to the list.
Odds are there's a simple way to do what you want.

  Alan DeKok.



