rlm_eap: Identity does not match User-Name...
Michael Patzer
michael.patzer at netviewer.com
Wed Dec 12 11:06:12 CET 2007
hi,
i found the same question and also this topic already on the
mailinglist,
but no solution which works for me. i'm already debugging this thing
the whole day, without any solution.
i'm using 802.1x with
clients: winXP sp2
method: EAP-MSCHAPv2
server: 2.0.0-pre1
it works all fine, as long as i'm not supply any domain-name. if i
supply
a domain-name it immediately fails with
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
could anybody help me with that?
and yes, there is no entry in "users" for EAP.
thx
michael
******************
* DEBUG LOG
******************
rad_recv: Access-Request packet from host 192.168.0.240 port 1645,
id=66, length=149
User-Name = "DOMAINXYZ\\mipa"
Service-Type = Framed-User
Framed-MTU = 1500
Called-Station-Id = "00-1A-E2-D8-3D-81"
Calling-Station-Id = "00-80-C8-39-16-92"
EAP-Message = 0x0202001601454e54455250524953455c7061747a6572
Message-Authenticator = 0xfe2f2b31d8a812b6338524fe5618414e
NAS-Port-Type = Ethernet
NAS-Port = 50001
NAS-IP-Address = 192.168.0.240
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
modcall[authorize]: module "mschap" returns noop for request 0
rlm_eap: EAP packet type response id 2 length 22
rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
modcall[authorize]: module "eap" returns updated for request 0
modcall[authorize]: module "files" returns noop for request 0
perl_pool: item 0x816a2d8 asigned new request. Handled so far: 1
found interpetator at address 0x816a2d8
rlm_perl: Added pair NAS-Port-Type = Ethernet
rlm_perl: Added pair Service-Type = Framed-User
rlm_perl: Added pair Calling-Station-Id = 00-80-C8-39-16-92
rlm_perl: Added pair Called-Station-Id = 00-1A-E2-D8-3D-81
rlm_perl: Added pair Message-Authenticator =
0xfe2f2b31d8a812b6338524fe5618414e
rlm_perl: Added pair User-Name = DOMAINXYZ\\mipa
rlm_perl: Added pair EAP-Message =
0x0202001601454e54455250524953455c7061747a6572
rlm_perl: Added pair EAP-Type = Identity
rlm_perl: Added pair NAS-IP-Address = 192.168.0.240
rlm_perl: Added pair NAS-Port = 50001
rlm_perl: Added pair Framed-MTU = 1500
rlm_perl: Added pair Auth-Type = EAP
perl_pool total/active/spare [32/0/32]
Unreserve perl at address 0x816a2d8
modcall[authorize]: module "perl" returns ok for request 0
modcall[authorize]: module "expiration" returns noop for request 0
modcall[authorize]: module "logintime" returns noop for request 0
modcall: group authorize returns updated for request 0
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Found Post-Auth-Type
Processing the post-auth section of radiusd.conf
modcall: entering group REJECT for request 0
radius_xlat: 'DOMAINXYZ\\mipa'
attr_filter: Matched entry DEFAULT at line 11
modcall[post-auth]: module "attr_filter.access_reject" returns updated
for request 0
modcall: group REJECT returns updated for request 0
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 66 to 192.168.0.240 port 1645
Waking up in 4 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 66 with timestamp 475edfcb
Nothing to do. Sleeping until we see a request.
More information about the Freeradius-Users
mailing list