rlm_passwd fails Stripped-User-Name check when in inner-tunnel mode (PEAP)

Alan DeKok aland at deployingradius.com
Thu Nov 12 03:13:17 CET 2015

On Nov 11, 2015, at 8:02 PM, Tim Chen <gphoto6 at gmail.com> wrote:
> I am using Freeradius version 2.2.9. I doubt that module rlm_passwd have
> some problem handle Stripped-User-Name check when in inner-tunnel mode
> (PEAP).

  Stripped-User-Name is just an attribute like any other.

> 3. EAP(PEAP)
>   I use eapol_test to test
>   identity="john" PASS
>   identity="john at eduroam.example.edu" FAIL!!
>   log from debug shows:

  What does ALL of the debug output show?

> However, I did more tests:
> 2. if I change modules/passwd into
>   passwd passwdf1 {
>        filename = /home/radius/passwd1
>        format = "*Stripped-User-Name:NT-Password:"
>   Then ALL authentication tests FAILED

  What does the debug output show?

> I doubt if there is some problem in the rlm_passwd module?

  The rlm_passwd module deals with attributes.  It doesn't care *what* the attribute is.

  So there's nothing magical about Stripped-User-Name.  If it doesn't work... there's some *other* reason why it's failing.

  As always, read the *full* debug output to see what's happening.

  Alan DeKok.

More information about the Freeradius-Users mailing list