EAP-TLS User-Name not matching
Alan DeKok
aland at deployingradius.com
Sun Jan 17 15:33:04 CET 2010
Huckle Berry wrote:
> First off, forgive me if this has been asked before on this list (I did
> do a search first, yet no results proved useful).
>
> I am on a fact finding mission to see whether freeradius is going to be
> feasible to deploy in my environment (~50 users over ~40 windows and
> linux desktops). On a test network I have configured an Ubuntu 9.10
> Server with a patched freeradius that has openssl (oh what fun that was
> to build).
? Building 2.1.7 with OpenSSL should be little more than editing a
debian config file.
2.1.8 should be available in the Debian / Ubuntu repositories *with*
OpenSSL support.
> I have so far altered the original configuration by only a few lines, as
> everywhere I go I see Alan screaming "Don't change the config!".
Because people keep changing massive amounts of things they don't
understand, and asking "why is it broken?"
> I
> changed eap.conf by the following
>
> default_eap_type = tls
> ...
> fragment_size = 1024
> include_length = yes
Why?
> [eap] Identity does not match User-Name, setting from EAP Identity.
> [eap] Failed in handler
Hmm... it *should* print out reasons why it failed. There must be a
code path (i.e. one that happens rarely) where this doesn't happen.
Alan DeKok.
More information about the Freeradius-Users
mailing list