Strip off the domain part from the User-Name
Phil Mayers
p.mayers at imperial.ac.uk
Fri Apr 1 14:37:34 CEST 2011
On 01/04/11 11:08, Thomas Wunder wrote:
> On Wednesday 30 March 2011 15:52:31 Phil Mayers wrote:
>> First, there's no need to email me directly; I read the list.
> I totally agree with you I just missed to exchange the recipient address (and after noticing that i also sent it to the list)... sorry!
>> You *only* set:
>> with_ntdomain_hack = yes
>> ...in modules/mschap.
>> DO NOT set it anywhere else - this basically does exactly the same thing
>> you were doing earlier (rewriting the *real* username) and causes EAP to
>> break.
> Sorry but that didn't help either. I did -- like you suggested -- set 'with_ntdomain_hack' back to 'no' everywhere except for modules/mschap but I still get that '[...] not the same as [...]' error message.
>
> [mschapv2] # Executing group from file /etc/freeradius/sites-enabled/inner-tunnel
> [mschapv2] +- entering group MS-CHAP {...}
> [mschap] No Cleartext-Password configured. Cannot create LM-Password.
> [mschap] Found NT-Password
> [mschap] ERROR: User-Name (winmac\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2
Eh? I've never seen that before.
> ++[mschap] returns reject
>
> Again a full log is appended. My modules/mschap currently looks like this (i suppose that the above problems might arise from it):
Don't see the logfile...
More information about the Freeradius-Users
mailing list