Removing domain prefix from login

Alejandro Gandara agandara at
Fri Nov 11 10:52:51 CET 2011

2011/11/11 Phil Mayers <p.mayers at>

> On 11/11/2011 07:46 AM, Alejandro Gandara wrote:
>  I got erros anyways. I've attached debug output
> The debug output didn't make it through; I guess it was too big. Use a
> pastebin, or put it inline in the email?
> this is the short view:
++[preprocess] returns ok
[ntdomain] Looking up realm "OPTARE" for User-Name = "OPTARE\brouco"
[ntdomain] Found realm "OPTARE"
[ntdomain] Adding Stripped-User-Name = "brouco"
[ntdomain] Adding Realm = "OPTARE"
[ntdomain] Authentication realm is LOCAL.
++[ntdomain] returns ok
++[mschap] returns noop
++[digest] returns noop
[ldap] performing user authorization for brouco
[ldap]  expand: %{Stripped-User-Name} -> brouco
[ldap]  expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) -> (uid=brouco)
[ldap]  expand: dc=optare,dc=loc -> dc=optare,dc=loc
  [ldap] ldap_get_conn: Checking Id: 0
  [ldap] ldap_get_conn: Got Id: 0
  [ldap] performing search in dc=optare,dc=loc, with filter (uid=brouco)
[ldap] No default NMAS login sequence
[ldap] looking for check items in directory...
  [ldap] roomNumber -> Pool-Name == "infraestructuras"
  [ldap] sambaNtPassword -> NT-Password ==
[ldap] looking for reply items in directory...
  [ldap] radiusTunnelPrivateGroupId -> Tunnel-Private-Group-Id:0 = "01"
  [ldap] radiusTunnelMediumType -> Tunnel-Medium-Type:0 = IEEE-802
  [ldap] radiusTunnelType -> Tunnel-Type:0 = VLAN
  [ldap] radiusFramedIPAddress -> Framed-IP-Address =
WARNING: No "known good" password was found in LDAP.  Are you sure that the
user is configured correctly?
[ldap] user brouco authorized to use remote access
  [ldap] ldap_release_conn: Release Id: 0
++[ldap] returns ok
[eap] EAP packet type response id 45 length 43
[eap] Continuing tunnel setup.
++[eap] returns ok
Found Auth-Type = EAP
# Executing group from file /etc/freeradius/sites-enabled/default
+- entering group authenticate {...}
[eap] Request found, released from the list
[eap] EAP/peap
[eap] processing type peap
[peap] processing EAP-TLS
[peap] eaptls_verify returned 7
[peap] Done initial handshake
[peap] eaptls_process returned 7
[peap] EAPTLS_OK
[peap] Session established.  Decoding tunneled attributes.
[peap] Peap state send tlv failure
[peap] Received EAP-TLV response.
[peap]  The users session was previously rejected: returning reject (again.)
[peap]  *** This means you need to read the PREVIOUS messages in the debug
[peap]  *** to find out the reason why the user was rejected.
[peap]  *** Look for "reject" or "fail".  Those earlier messages will tell
[peap]  *** what went wrong, and how to fix the problem.
  SSL: Removing session
1390126992ccf15f6eca58514ff74975f8661cc927bbe3a5f0e0a52b9a310e4a from the
[eap] Handler failed in EAP/peap
[eap] Failed in EAP select
++[eap] returns invalid
Failed to authenticate the user.
Login incorrect: [OPTARE\\brouco/<via Auth-Type = EAP>] (from client
privradius port 29 cli f0-4d-a2-bc-77-cd)
Using Post-Auth-Type Reject
  WARNING: Unknown value specified for Post-Auth-Type.  Cannot perform
requested action.
# Executing group from file /etc/freeradius/sites-enabled/default
Delaying reject of request 6 for 1 seconds

Thanks for the help

> -
> List info/subscribe/unsubscribe? See**
> list/users.html <>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list