EAP does not work with realms
Iliya Peregoudov
iperegudov at cboss.ru
Fri Jun 29 10:17:52 CEST 2012
Hello Chris,

Local realms should be defined as empty in raddb/proxy.conf. E.g.:

    realm myrealm {
    }

Your current erroneous setting

    realm myrealm {
        auth_pool = mypool
    }

leads to stripping the realm part from User-Name and proxying the request to
127.0.0.1.

If you want to completely ignore realm presence in User-Name, you need to
use %{%{Stripped-User-Name}:-%{User-Name}} instead of %{User-Name}.
E.g., in the rlm_sql configuration:

    sql {
        ...
        sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
        ...
    }

Christopher Manigan wrote:
> Hi, I am trying to get EAP MSCHAPv2 working with realms. When I authenticate without using a realm prefix, MSCHAPv2 works ok. Once I add a realm prefix into the mix, I get radius rejection. Below is radius running in debug with a user failing to authenticate. I see this buried in the debug but am unsure how to troubleshoot or correct:
>
> [eap] Identity does not match User-Name, setting from EAP Identity.
> [eap] Failed in handler
> ++[eap] returns invalid
> Failed to authenticate the user.
> Using Post-Auth-Type Reject
>
> Here is the radius debug, with some information changed or removed to keep it anonymous:
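
The behaviour described in the reply above, as an added example that is not part of the original post and not FreeRADIUS code: a simplified Python model of how a realm entry with or without auth_pool changes the request, and how the %{%{Stripped-User-Name}:-%{User-Name}} fallback resolves. The function names, the single attribute dictionary and the sample user "chris" are assumptions made for illustration.

```python
# Simplified model of realm handling (added example, not FreeRADIUS source).
import re

# Constructed proxy.conf-style tables: realm name -> auth_pool (None = empty/local realm).
ERRONEOUS = {"myrealm": "mypool"}   # realm myrealm { auth_pool = mypool }
CORRECTED = {"myrealm": None}       # realm myrealm { }

def split_realm(user_name, fmt="suffix", delimiter="@"):
    """Return (user, realm); realm is None when no delimiter is present."""
    if delimiter not in user_name:
        return user_name, None
    if fmt == "suffix":                       # user@realm
        user, realm = user_name.rsplit(delimiter, 1)
    else:                                     # realm<delimiter>user
        realm, user = user_name.split(delimiter, 1)
    return user, realm

def process(user_name, realms, **opts):
    """Build the attributes a realm module would leave on the request."""
    attrs = {"User-Name": user_name}
    user, realm = split_realm(user_name, **opts)
    if realm is None or realm not in realms:
        return attrs                          # no configured realm: nothing stripped
    attrs["Stripped-User-Name"] = user
    attrs["Realm"] = realm
    if realms[realm] is not None:             # a pool is set: request gets proxied
        attrs["Proxy-To-Realm"] = realm
    return attrs

def xlat(template, attrs):
    """Expand %{Attr} and the %{%{A}:-%{B}} fallback form only."""
    def fallback(m):
        return attrs.get(m.group(1)) or attrs.get(m.group(2), "")
    out = re.sub(r"%\{%\{([\w-]+)\}:-%\{([\w-]+)\}\}", fallback, template)
    return re.sub(r"%\{([\w-]+)\}", lambda m: attrs.get(m.group(1), ""), out)

SQL_USER = "%{%{Stripped-User-Name}:-%{User-Name}}"

if __name__ == "__main__":
    for name in ("chris", "chris@myrealm", "chris@other"):
        for label, table in (("erroneous", ERRONEOUS), ("corrected", CORRECTED)):
            attrs = process(name, table)
            print(f"{name:15} {label:9} proxied={'Proxy-To-Realm' in attrs!s:5} "
                  f"sql_user_name={xlat(SQL_USER, attrs)!r} "
                  f"plain={xlat('%{User-Name}', attrs)!r}")
```

With the fallback template, the SQL lookup key is the same whether or not the client sent a realm, while plain %{User-Name} keeps the realm part.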