rlm_passwd fails Stripped-User-Name check when in inner-tunnel mode (PEAP)

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Thu Nov 12 10:14:07 CET 2015


Here's your issue:

[mschapv2] # Executing group from file
[mschapv2] +group MS-CHAP {
[mschap] No Cleartext-Password configured.  Cannot create LM-Password.
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: john at eduroam.example.edu
[mschap] Client is using MS-CHAPv2 for john at eduroam.example.edu, we need
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
[mschap] FAILED: MS-CHAP2-Response is incorrect
++[mschap] = reject
+} # group MS-CHAP = reject
[eap] Freeing handler
++[eap] = reject
+} # group authenticate = reject
Failed to authenticate the user.
Login incorrect: [john at eduroam.example.edu/<via Auth-Type = EAP>] (from
client network8 port 0 via TLS tunnel)
Using Post-Auth-Type Reject

As you can see, it's not using Stripped-User-Name... it's using the User-Name.

That's why 'john' works and this "john at eduroam.example.edu" doesn't.

I'm guessing you have 'john' in your users file... though you probably want to have that auth somewhere else
anyway - in LDAP or AD.
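
A small log-triage helper for the failure pattern in the debug output above, added here as an example and not part of the original post or of FreeRADIUS: it extracts the identity the mschap module used and flags rejects where no password was found for a realm-qualified name. The sample log is constructed, and the function name `triage` is hypothetical.

```python
import re

# Constructed sample in the style of the debug output above (not from a real server).
SAMPLE_DEBUG = """\
[mschap] No Cleartext-Password configured.  Cannot create NT-Password.
[mschap] Creating challenge hash with username: john@eduroam.example.edu
[mschap] FAILED: No NT/LM-Password.  Cannot perform authentication.
++[mschap] = reject
[mschap] Creating challenge hash with username: alice
++[mschap] = ok
"""

USERNAME_RE = re.compile(r"^\[mschap\] Creating challenge hash with username: (\S+)")
NO_PASSWORD_RE = re.compile(r"^\[mschap\] FAILED: No NT/LM-Password")
RESULT_RE = re.compile(r"^\+*\[mschap\] = (\w+)")


def triage(debug_text):
    """Return one finding per mschap attempt: identity used, result, likely cause."""
    findings, current = [], None
    for raw in debug_text.splitlines():
        line = raw.strip()
        m = USERNAME_RE.match(line)
        if m:
            # A new attempt starts where the module announces the identity it uses.
            current = {"identity": m.group(1), "no_password": False}
            continue
        if current is None:
            continue
        if NO_PASSWORD_RE.match(line):
            current["no_password"] = True
        m = RESULT_RE.match(line)
        if m:
            realm = "@" in current["identity"]
            cause = None
            if current["no_password"] and realm:
                cause = ("no password found and identity still carries a realm: "
                         "check whether the lookup key is User-Name or Stripped-User-Name")
            elif current["no_password"]:
                cause = "no password found for this identity"
            findings.append({"identity": current["identity"], "result": m.group(1),
                             "realm_qualified": realm, "cause": cause})
            current = None
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DEBUG):
        print(f["identity"], f["result"], f["cause"] or "-")
```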

