PEAP auth rejected due to different inner and outer user-id

inverse inverse at
Tue Feb 11 15:16:19 CET 2014

The "eap_custom" module seems responsible for this behaviour so you should
look into its config, curiously enough I've found no traces of it in my
freeradius 2.2.3

Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Request found, released from
the list
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Identity does not match
User-Name.  Authentication failed.
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Failed in handler

However I consider this a feature, not a bug. In fact as a local policy for
eduroam I've placed this in the inner-tunnel 's post-auth section:

if ( "%{outer.request:User-Name}" != "%{User-Name}" ){

which does exactly that. If you see something along these lines, you've
found the source of your problems

Best regards,


On Tue, Feb 11, 2014 at 2:45 PM, douglas eseng <douglas.eseng at>wrote:

> Encountered the following issue.
> Running FR 2.2.3. PEAP tunneled authentication was successful. But get
> rejected due to username mismatch. No issue when both username are the same.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list