++[mschap] returns reject
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Thu Sep 29 10:31:37 CEST 2011
On 28 Sep 2011, at 21:18, Alan DeKok wrote:
> scoth wrote:
>> I'm stuck in my testing. I have configured and reconfigured my freeradius
>> and keep getting back to the same error:
>> [mschap] ERROR: User-Name (RC24558\jojo) is not the same as MS-CHAP Name
>> (jojo) from EAP-MSCHAPv2
>
> That data is sent by the Windows box, and isn't under the control of
> FreeRADIUS.
>
> Sometimes Windows does this... I'm not really sure why.
>
>> I was able to use the mschap-username to successfully authenticate to ldap
>> but then fail in the authentication because the usernames are not the same.
>>
>> Any help is greatly appreciated.
>
> Set up a fake user account with a username "test", and password
> "hello". Do the same test. If you get the same error, submit the debug
> output to bugzilla.freeradius.org. I'll see if there's a way for the
> server to figure out the correct thing to do here.
Which standard says that the MSCHAPv2 identity and the PEAP Inner identity have to match?
I thought it was in the PEAPv0 draft but that doesn't actually mention MSCHAPv2 anywhere...
-Arran
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
More information about the Freeradius-Users
mailing list