Authentication Problem with EAP-PEAP

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Wed Jan 23 12:57:10 CET 2008


debug afone wrote:
> Hi,
>
> I've got a new problem when I try to authenticate a Windows Vista client
> with Freeradius.
> Vista sends to the radius a User-Name like DOMAIN\USER.
> When I use nt_domain_hack or the realm ntdomain, the domain disappears from
> the User-Name attribute.
>
> The authentication goes on, the login/password match in LDAP database but
> EAP fails. Here's a trace:
>
> rlm_ldap: user nsouleman authorized to use remote access
> rlm_ldap: ldap_release_conn: Release Id: 0
>   modcall[authorize]: module "ldap" returns ok for request 3
> modcall: leaving group authorize (returns updated) for request 3
>   rad_check_password:  Found Auth-Type EAP
> auth: type "EAP"
>   Processing the authenticate section of radiusd.conf
> modcall: entering group authenticate for request 3
> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>   rlm_eap: Failed in handler
>   modcall[authenticate]: module "eap" returns invalid for request 3
> modcall: leaving group authenticate (returns invalid) for request 3
> auth: Failed to validate the user.
>
> As you can see, the ldap module returns OK but I have this message just after:
> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>
> Can anybody help me?
>
> Thanks.
>
> Nicolas SOULEMAN.
>
>   

rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler

The User-Name attribute in the Access-Accept packet must match the
EAP-Identity encoded in the EAP packets, but can be different from the
identity used in the EAP method.

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08 
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
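
The comparison behind the "Identity does not match User-Name" log line above, as an added example that is not part of the original message and is not FreeRADIUS code: it parses an EAP-Response/Identity packet (RFC 3748 layout) and compares the identity with the User-Name before and after a domain strip. strip_nt_domain and build_identity_response are hypothetical helpers, and the packet is constructed sample data.

```python
import struct

EAP_RESPONSE = 2       # EAP Code field value for Response (RFC 3748)
EAP_TYPE_IDENTITY = 1  # EAP Type field value for Identity (RFC 3748)


def eap_identity(eap_message: bytes) -> str:
    """Return the identity carried in an EAP-Response/Identity packet."""
    if len(eap_message) < 5:
        raise ValueError("EAP packet too short for a typed response")
    code, _ident, length = struct.unpack("!BBH", eap_message[:4])
    if length < 5 or length > len(eap_message):
        raise ValueError("EAP Length field inconsistent with packet size")
    if code != EAP_RESPONSE or eap_message[4] != EAP_TYPE_IDENTITY:
        raise ValueError("not an EAP-Response/Identity packet")
    # Bytes beyond the Length field are padding and are ignored.
    return eap_message[5:length].decode("utf-8", errors="replace")


def strip_nt_domain(user_name: str) -> str:
    """Hypothetical stand-in for a DOMAIN\\USER rewrite; not FreeRADIUS code."""
    return user_name.split("\\", 1)[-1]


def identity_matches(user_name: str, eap_message: bytes) -> bool:
    """True when User-Name equals the identity encoded in the EAP packet."""
    return user_name == eap_identity(eap_message)


def build_identity_response(ident: int, identity: str) -> bytes:
    """Build constructed sample input: an EAP-Response/Identity packet."""
    data = identity.encode("utf-8")
    header = struct.pack("!BBHB", EAP_RESPONSE, ident,
                         5 + len(data), EAP_TYPE_IDENTITY)
    return header + data


if __name__ == "__main__":
    sent = "DOMAIN\\nsouleman"  # constructed: user from the trace, placeholder domain
    pkt = build_identity_response(1, sent)
    for label, name in (("as received", sent),
                        ("domain stripped", strip_nt_domain(sent))):
        print(f"{label:16} User-Name={name!r} "
              f"match={identity_matches(name, pkt)}")
```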



