Error: User-Name is not the same as MS-CHAP name

Francois Gaudreault fgaudreault at inverse.ca
Fri May 27 22:04:08 CEST 2011


Hi,

I had a look at this issue with him since he is one of our clients.  Machine authentications are working flawlessly, Windows 7 authentication as well (no hostname is sent with the username).
The problem is when the HOSTNAME is sent along with the username under Windows XP. I tried to set a realm specially for this HOSTNAME, but we got the same error.
>    Well... re-writing the names in the "inner-tunnel" server is breaking
> authentication.
We don't.  The site configurations are very straightforward (almost default), no fancy rewrites in the default or the inner-tunnel.
>    *Why* are you re-writing them?  What do you expect to do with the
> names?  Why isn't there another way to achieve the same goal?
We do not rewrite anything.  LDAP authorization passes properly, but when EAP authentication kicks in, we have this MS-CHAP error.
We are using mschap:user-name in the LDAP filter and in the ntlm_auth line.  Again, we are *NOT* rewriting the User-Name.

We need other ideas here.

-- 
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)



