EAP-TLS User-Name not matching

Alan DeKok aland at deployingradius.com
Sun Jan 17 15:33:04 CET 2010


Huckle Berry wrote:
> First off, forgive me if this has been asked before on this list (I did
> do a search first, yet no results proved useful).
> 
> I am on a fact finding mission to see whether freeradius is going to be
> feasible to deploy in my environment (~50 users over ~40 Windows and
> Linux desktops). On a test network I have configured an Ubuntu 9.10
> Server with a patched freeradius that has openssl (oh what fun that was
> to build).

  ? Building 2.1.7 with OpenSSL should be little more than editing a
debian config file.

  2.1.8 should be available in the Debian / Ubuntu repositories *with*
OpenSSL support.

> I have so far altered the original configuration by only a few lines, as
> everywhere I go I see Alan screaming "Don't change the config!".

  Because people keep changing massive amounts of things they don't
understand, and asking "why is it broken?"

> I
> changed eap.conf by the following
> 
> default_eap_type = tls
> ...
> fragment_size = 1024
> include_length = yes

  Why?

> [eap] Identity does not match User-Name, setting from EAP Identity.
> [eap] Failed in handler

  Hmm... it *should* print out reasons why it failed.  There must be a
code path (i.e. one that happens rarely) where this doesn't happen.

  Alan DeKok.


