PEAP auth rejected due to different inner and outer user-id
douglas eseng
douglas.eseng at gmail.com
Tue Feb 11 17:37:15 CET 2014
On Tue, Feb 11, 2014 at 10:04 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
> > Running FR 2.2.3. PEAP tunneled authentication was successful. But get
> > rejected due to username mismatch. No issue when both username are the
> > same.
>
> you are playing with the User-Name....modifying it in some way....the
> client
> wont like it..and EAP stuff wont either. use 'Stripped-User-Name' etc in
> your
> backend authentication.
>
> alan
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
Hi Alan,
After you mentioned modifying User-Name. I noticed that all but the final
Access-requests received by the FR have User-Name="SLO", the last one is
User-Name="jacquegp" (the inner username). This is after the post-auth
section updated the outer.reply with inner User-Name and sent back in the
last Access-Challenge.
Could they be related?
Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140212/96508df7/attachment.html>
More information about the Freeradius-Users
mailing list