Identity does not match User-Name, setting from EAP Identity.

Sat Jun 30 01:42:09 CEST 2007

I'm trying to get Windows XP authenticating using logon username/password.

# freeradius -X
[...]
rad_recv: Access-Request packet from host 192.168.12.3:1048, id=0,
length=217
        Message-Authenticator = 0xdbb...
        Service-Type = Framed-User
        User-Name = "TELPERION\\heruan"
        Framed-MTU = 1488
        Called-Station-Id = "00-19-5B-XX-XX-XX:Telperion"
        Calling-Station-Id = "00-13-02-XX-XX-XX"
        NAS-Identifier = "D-Link Access Point"
        NAS-Port-Type = Wireless-802.11
        Connect-Info = "CONNECT 54Mbps 802.11g"
        EAP-Message = 0x02...
        NAS-IP-Address = 192.168.12.3
        NAS-Port = 1
        NAS-Port-Id = "STA port # 1"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 1
  modcall[authorize]: module "preprocess" returns ok for request 1
  modcall[authorize]: module "chap" returns noop for request 1
  modcall[authorize]: module "mschap" returns noop for request 1
    rlm_realm: No '@' in User-Name = "heruan", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 1
  rlm_eap: EAP packet type response id 0 length 21
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 1
    users: Matched entry DEFAULT at line 153
    users: Matched entry DEFAULT at line 172
  modcall[authorize]: module "files" returns ok for request 1
rlm_ldap: - authorize
rlm_ldap: performing user authorization for heruan
radius_xlat:  '(|(uid=heruan)(cn=heruan))'
radius_xlat:  'dc=aldu,dc=net'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: performing search in dc=aldu,dc=net, with filter
(|(uid=heruan)(cn=heruan))
rlm_ldap: looking for check items in directory...
rlm_ldap: Adding sambaNTPassword as NT-Password, value 0DBF... & op=21
rlm_ldap: Adding sambaLMPassword as LM-Password, value 5388... & op=21
rlm_ldap: looking for reply items in directory...
rlm_ldap: user heruan authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
  modcall[authorize]: module "ldap" returns ok for request 1
rlm_pap: Normalizing NT-Password from hex encoding
rlm_pap: Normalizing LM-Password from hex encoding
rlm_pap: Found existing Auth-Type, not changing it.
  modcall[authorize]: module "pap" returns noop for request 1
modcall: leaving group authorize (returns updated) for request 1
  rad_check_password:  Found Auth-Type EAP
auth: type "EAP"
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 1
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 1
modcall: leaving group authenticate (returns invalid) for request 1
auth: Failed to validate the user.
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 4 seconds...
rad_recv: Access-Request packet from host 192.168.12.3:1048, id=0,
length=217
Sending Access-Reject of id 0 to 192.168.12.3 port 1048

I wonder what
"Identity does not match User-Name, setting from EAP Identity."
means...
Enabling/disabling "ntdomain_hack" on mschap module didn't change
anything :(

G.L.
-- 
www.aldu.net/~heruan
giovanni.lovato at aldu.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3323 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070630/31b4b85c/attachment.bin>