Strip off the domain part from the User-Name

Phil Mayers p.mayers at
Thu Mar 24 09:36:28 CET 2011

On 03/23/2011 07:08 PM, Thomas Wunder wrote:

> But when it comes to MSCHAP authentication I've got a problem:
> I get errors like
> "[mschap] ERROR: User-Name (testpc\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2"
> (...which sounds consequent) I've tried solve that problem by changing "with_ntdomain_hack = yes" (I know you recommend against that) without any luck:
> +- entering group authenticate {...}
> [eap] Identity does not match User-Name, setting from EAP Identity.
> [eap] Failed in handler
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect: [tom1] (from client swtswitch01 port 0 via TLS tunnel)

Please post a full debug. It's not possible to find the real cause of 
your problem from the snippet.

I am guessing that you're attempting to modify the username; you can't 
do that, EAP will complain (as you're seeing)

More information about the Freeradius-Users mailing list