question about windows users

Ivan Kalik tnt at kalik.net
Mon May 18 16:17:54 CEST 2009


> I installed 2.0.4 version (compiled using suggestions from:
> http://www.fatofthelan.com/articles/articles.php?pid=27
> http://www.linuxinsight.com/building-debian-freeradius-package-with-eap-tls-ttls-peap-support.html)
>

If you downloaded current version, you wouldn't need to ask. You have to
change makefile, so client certificates are signed by the ca and not
server certificate. MS introduced that glitch post XP SP2.

>
> second one:
> rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=138,
> length=147
...
>         User-Name = "user at example.com"
...
>     rlm_realm: Found realm "example.com"
>     rlm_realm: Adding Stripped-User-Name = "user"
>     rlm_realm: Adding Realm = "example.com"
>     rlm_realm: Proxying request from user user to realm example.com
...
> Sending Access-Request of id 188 to 127.0.0.1 port 1812
...
>         User-Name = "user"
...
> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>   rlm_eap: Failed in handler
> ++[eap] returns invalid
> auth: Failed to validate the user.

You can't strip the username in EAP.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list