Strip off the domain part from the User-Name
Phil Mayers
p.mayers at imperial.ac.uk
Thu Mar 24 09:36:28 CET 2011
On 03/23/2011 07:08 PM, Thomas Wunder wrote:
> But when it comes to MSCHAP authentication I've got a problem:
> I get errors like
> "[mschap] ERROR: User-Name (testpc\tom1) is not the same as MS-CHAP Name (tom1) from EAP-MSCHAPv2"
> (...which sounds consequent) I've tried solve that problem by changing "with_ntdomain_hack = yes" (I know you recommend against that) without any luck:
> +- entering group authenticate {...}
> [eap] Identity does not match User-Name, setting from EAP Identity.
> [eap] Failed in handler
> ++[eap] returns invalid
> Failed to authenticate the user.
> Login incorrect: [tom1] (from client swtswitch01 port 0 via TLS tunnel)
>
Please post a full debug. It's not possible to find the real cause of
your problem from the snippet.
I am guessing that you're attempting to modify the username; you can't
do that, EAP will complain (as you're seeing)
More information about the Freeradius-Users
mailing list