Error: User-Name is not the same as MS-CHAP name

Francois Gaudreault fgaudreault at inverse.ca
Sun May 29 16:10:47 CEST 2011


Hi Phil,

On 11-05-29 6:16 AM, Phil Mayers wrote:
> Ok, so as before what we're seeing is that the host is sending
>
> STIC08862\TechRMC
>
> ...in the EAP-Identity response, but:
>
> TechRMC
>
> ...in the MSCHAP packet (the hex above decodes to that)
>
> This is obviously broken, but here's where I get confused: STIC08862 
> doesn't look like a domain name to me. It looks like a machine name.
It is indeed a machine name.  This is where we have problems, this does 
not happen using Windows 7.  I tried to set a Realm for that machine 
name without success.  The thing I don't understand is why MSCHAP 
complains about that.  I mean, correct me if I am wrong, 
mschap:User-Name will *always* strip that part since it looks like a domain.

>
> Is the machine a domain member or not? Is the user logging on locally 
> or with a domain account? Or is this an artefact of the way Novell works?
The machine is not member of the domain, and the user logs in Novell.  
So when the user logs in, it sends the username information to RADIUS 
just like if a local user logs in.

>
> What happens if you take an ordinary machine, without the Novell 
> client installed, create a local user with the same username/password 
> as a domain user, then use "send username automatically"
We tried it, and the machine appears to be sending the machine name 
anyway.  It will work only if we don't send the credentials automatically.


Thanks!

-- 
Francois Gaudreault, ing. jr
Inverse inc. :: Leaders behind SOGo (www.sogo.nu) and PacketFence (www.packetfence.org)




More information about the Freeradius-Users mailing list