Error: User-Name is not the same as MS-CHAP name
Francois Gaudreault
fgaudreault at inverse.ca
Sun May 29 16:10:47 CEST 2011
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
> Ok, so as before what we're seeing is that the host is sending
>
> STIC08862\TechRMC
>
> ...in the EAP-Identity response, but:
>
> TechRMC
>
> ...in the MSCHAP packet (the hex above decodes to that)
>
> This is obviously broken, but here's where I get confused: STIC08862
> doesn't look like a domain name to me. It looks like a machine name.
It is indeed a machine name. This is where we have problems, this does
not happen using Windows 7. I tried to set a Realm for that machine
name without success. The thing I don't understand is why MSCHAP
complains about that. I mean, correct me if I am wrong,
mschap:User-Name will *always* strip that part since it looks like a domain.
>
> Is the machine a domain member or not? Is the user logging on locally
> or with a domain account? Or is this an artefact of the way Novell works?
The machine is not member of the domain, and the user logs in Novell.
So when the user logs in, it sends the username information to RADIUS
just like if a local user logs in.
>
> What happens if you take an ordinary machine, without the Novell
> client installed, create a local user with the same username/password
> as a domain user, then use "send username automatically"
We tried it, and the machine appears to be sending the machine name
anyway. It will work only if we don't send the credentials automatically.
Thanks!
--
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)
More information about the Freeradius-Users
mailing list