Freeradius problem, EAP-TTLS works fine, EAP-PEAP does not

Jean-Yves Avenard jyavenard at gmail.com
Tue Aug 31 05:41:02 CEST 2010


Hi

On Tuesday, August 31, 2010, Alan DeKok <aland at deployingradius.com> wrote:
>   The first debug log shows the user being found by the "unix" module.
> i.e. the User-Name has an entry in /etc/passwd, or the Apple equivalent.
>
>   The second debug log shows that the user is *not* found by the "unix"
> module.
>

Yes, because in the 2nd case, Win 7 sent the name of the computer instead.
>
>   I'm aware of that.  I'm saying that *you* need to figure out which is
> which, and edit the configuration to use the right one.

But configuration where? on the freeradius server or win 7?

>
>> If you could point me to directions on how to configure the server for
>> (b), it would be greatly appreciated.
>
>   Edit raddb/sites-enabled/inner-tunnel, the "authorize" section:
>
> authorize {
>         ...
>
>         if (User-Name =~ /\/(.*)/) {
>                 update request {
>                         Stripped-User-Name := "%{1}"
>                 }
>         }
>         ...
> }

This would only help if the user format is in the form of blah/user ;
which it isn't when the user name is sent and not the computer's name.

Looking at the log, I don't think that when win7 sent the computer
name as the login, the user's name is sent anywhere, so configuration
change can only be done on the win7 client

JY




More information about the Freeradius-Users mailing list