rlm_eap: identity does not match User-Name, setting from EAP identity
Agent Smith
news8080 at yahoo.com
Sat Mar 18 19:25:37 CET 2006
My other yahoo account was not working for some reason
so I am using this account to reply.
rad_recv: Access-Request packet from host
192.168.3.44:1645, id=139, length=139
User-Name = "UPG\\test"
Framed-MTU = 1400
Called-Station-Id = "0013.8032.40d1"
Calling-Station-Id = "0090.4b1d.86cc"
Service-Type = Login-User
Message-Authenticator =
0x719f121abfb3b27a8746acabe0e1b6c6
EAP-Message = 0x0202000f123d4544566a726176616c
NAS-Port-Type = Wireless-802.11
NAS-Port = 1527
NAS-IP-Address = 192.168.3.44
NAS-Identifier = "Cisco_AP"
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 32
modcall[authorize]: module "preprocess" returns ok
for request 32
rlm_eap: EAP packet type response id 2 length 15
rlm_eap: No EAP Start, assuming it's an on-going EAP
conversation
modcall[authorize]: module "eap" returns updated for
request 32
rlm_realm: No '/' in User-Name = "test", looking
up realm NULL
rlm_realm: Found realm "NULL"
rlm_realm: Adding Stripped-User-Name = "test"
rlm_realm: Proxying request from user test to
realm NULL
rlm_realm: Adding Realm = "NULL"
rlm_realm: Authentication realm is LOCAL.
modcall[authorize]: module "suffix" returns noop for
request 32
users: Matched entry DEFAULT at line 1
modcall[authorize]: module "files" returns ok for
request 32
modcall[authorize]: module "etc_smbpasswd" returns
notfound for request 32
modcall: group authorize returns updated for request
32
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 32
rlm_eap: Identity does not match User-Name, setting
from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid
for request 32
modcall: group authenticate returns invalid for
request 32
auth: Failed to validate the user.
Delaying request 32 for 1 seconds
Finished request 32
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 139 to 192.168.3.44:1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 32 ID 139 with timestamp 441affff
Nothing to do. Sleeping until we see a request.
--- Alan DeKok <aland at ox.org> wrote:
> Agent Smith <news8080 at yahoo.com> wrote:
> > When a user connectes, they are presented with a
> login
> > box (username, password and domain name) if they
> put a
> > domain name in the domain field, radius can't
> > authenticate them and gives that error message.
> when
> > the domain field is left empty, it works fine.
>
> You should be able to use a module before 'eap" to
> fix the Username.
>
> > I read some posting that talked about how you have
> to
> > turn off ntdomain_hack off and I tried that, it
> didn't
> > gave me that error but then the ntlm_auth failed
> > saying 'NO SUCH USER' so my guess is that the
> > user-name has to be exactly same as what gets sent
> > into EAP message.
>
> If you're using ntlm_auth, you're not using
> EAP-TLS. You're using
> EAP-PEAP, there's a difference.
>
> And the ntlm_auth program is run *only* inside of
> the TLS tunnel,
> where there's no certificate, so matching username
> to certificate
> isn't a problem.
>
> > has anyone else ran into this? any ideas on how to
> fix
> > it?
>
> Run the server in debugging mode and post the
> results to the list.
> Odds are there's a simple way to do what you want.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Freeradius-Users
mailing list