question about windows users

A.L.M.Buxey at A.L.M.Buxey at
Mon May 18 16:28:31 CEST 2009


> ok (you guys propably hate me :) but please could you still give me the
> answers as you did before)
> but back to the subject:
> I did like you said,
> I installed 2.0.4 version (compiled using suggestions from:

you are using an old version, you are using random 3rd party instructions
of dubious dates and knowledge.

> first one:
> when I open properites of client certificate on XP using mmc-certificates
> console I have the information that "Windows doesnt have enough information
> to verify this certificate" "You have proper private key to this
> certificate" (it is non-english system so its translation but I think
> translation is ok)

this means you didnt install the CA - ensure you've added it to the trusted CA list
in the system - use the certificate MMC Snapin.

> second one:

original packet has this:

>         User-Name = "user at"

this is then proxied to the system handling

>     rlm_realm: Looking up realm "" for User-Name = "
> user at"
>     rlm_realm: Found realm ""
>     rlm_realm: Adding Stripped-User-Name = "user"
>     rlm_realm: Adding Realm = ""
>     rlm_realm: Proxying request from user user to realm
>     rlm_realm: Preparing to proxy authentication request to realm "
> ++[suffix] returns updated

..which then says this:

> rlm_eap: Identity does not match User-Name, setting from EAP Identity.
>   rlm_eap: Failed in handler

so..somewhere along the line you are playing with the User-Name attribute...something
which you cannot do with EAP - if you take a standard 2.1.6 install and make the basic changes
to your eap.conf and clients.conf it will work.


More information about the Freeradius-Users mailing list