rlm_passwd fails Stripped-User-Name check when in inner-tunnel mode (PEAP)
Alan DeKok
aland at deployingradius.com
Thu Nov 12 03:13:17 CET 2015
On Nov 11, 2015, at 8:02 PM, Tim Chen <gphoto6 at gmail.com> wrote:
> I am using Freeradius version 2.2.9. I doubt that module rlm_passwd have
> some problem handle Stripped-User-Name check when in inner-tunnel mode
> (PEAP).
Stripped-User-Name is just an attribute like any other.
> 3. EAP(PEAP)
> I use eapol_test to test
> identity="john" PASS
> identity="john at eduroam.example.edu" FAIL!!
>
> log from debug shows:
What does ALL of the debug output show?
> However, I did more tests:
...
> 2. if I change modules/passwd into
> passwd passwdf1 {
> filename = /home/radius/passwd1
> format = "*Stripped-User-Name:NT-Password:"
> Then ALL authentication tests FAILED
What does the debug output show?
> I doubt if there is some problem in the rlm_passwd module?
The rlm_passwd module deals with attributes. It doesn't care *what* the attribute is.
So there's nothing magical about Stripped-User-Name. If it doesn't work... there's some *other* reason why it's failing.
As always, read the *full* debug output to see what's happening.
Alan DeKok.
More information about the Freeradius-Users
mailing list