PEAP auth rejected due to different inner and outer user-id
inverse
inverse at ngi.it
Tue Feb 11 15:16:19 CET 2014
The "eap_custom" module seems responsible for this behaviour so you should
look into its config, curiously enough I've found no traces of it in my
freeradius 2.2.3
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Request found, released from
the list
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Identity does not match
User-Name. Authentication failed.
Tue Feb 11 09:58:32 2014 : Debug: [eap_custom] Failed in handler
However I consider this a feature, not a bug. In fact as a local policy for
eduroam I've placed this in the inner-tunnel 's post-auth section:
if ( "%{outer.request:User-Name}" != "%{User-Name}" ){
reject
}
which does exactly that. If you see something along these lines, you've
found the source of your problems
Best regards,
Inverse
On Tue, Feb 11, 2014 at 2:45 PM, douglas eseng <douglas.eseng at gmail.com>wrote:
> Encountered the following issue.
>
> Running FR 2.2.3. PEAP tunneled authentication was successful. But get
> rejected due to username mismatch. No issue when both username are the same.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140211/ebbe611d/attachment.html>
More information about the Freeradius-Users
mailing list