rlm_eap: Identity does not match User-Name...

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Dec 12 13:14:39 CET 2007


> if anybody has the same problem, here's the solution..
> i've installed 2.0.0-pre2 and made just the following
> changes to radiusd.conf:
> mschap {
>         with_ntdomain_hack = yes
>       ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key
> --username=%{mschap:User-Name} --challenge=%{mschap:Challenge}
> --nt-response=%{mschap:NT-Response} --domain=%{mschap:NT-Domain}"
> }
> after that averything works fine, so i started to add
> my perl-module to every section. after that it fails
> with the same error as pre1.
> so i remove "perl" from the authorize section - where it wasn't realy
> required,
> and now everything works fine. i think this will also works with pre1,
> but
> now i'll stay on pre2 :-)
> for 2.0.0 final: the sample "ntlm_auth"-line in radiusd.conf won't work!

this works here:

ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{Stripped-User-Name:-%{mschap:User-Name:-%{User-Name:-None}}} --domain=%{mschap:NT-domain} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"

I think the main issue is that you REALLY need to have at least the
mschap:User-Name - the default entry doesnt have it (?) - with either
other options and defaults - but just User-Name doesnt work. it
must be mschap:User-Name


More information about the Freeradius-Users mailing list