PEAP auth rejected due to different inner and outer user-id

douglas eseng douglas.eseng at
Tue Feb 11 17:37:15 CET 2014

On Tue, Feb 11, 2014 at 10:04 PM, <A.L.M.Buxey at> wrote:

> Hi,
> >    Running FR 2.2.3. PEAP tunneled authentication was successful. But get
> >    rejected due to username mismatch. No issue when both username are the
> >    same.
> you are playing with the User-Name....modifying it in some way....the
> client
> wont like it..and EAP stuff wont either.  use 'Stripped-User-Name' etc in
> your
> backend authentication.
> alan
> -
> List info/subscribe/unsubscribe? See

Hi Alan,

After you mentioned modifying User-Name. I noticed that all but the final
Access-requests received by the FR have User-Name="SLO", the last one is
User-Name="jacquegp" (the inner username). This is after the post-auth
section updated the outer.reply with inner User-Name and sent back in the
last Access-Challenge.

Could they be related?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the Freeradius-Users mailing list