ERROR: User-Name ... is not the same as MS-CHAP Name

Jim Seymour jseymour at
Fri Oct 2 02:25:50 CEST 2015

Hi All,

FreeRADIUS version 2.1.12 (2.1.12+dfsg-1.2ubuntu8.1)

Ubuntu 14.04.3 LTS
OpenLDAP 2.4.31

Goal is to use existing sambaLMPassword/sambaNTPassword/sambaEtc. in
OpenLDAP server data, to authenticate wireless clients--mostly running
MS-Win7. Some MS-WinXP.  A few Linux clients.

Old version was FreeRADIUS 1.1.1, built from a tarball, running on a
Sun Sparc Solaris box, working against an older version of OpenLDAP
and Samba. Worked like a champ.  Still working.

Referring to various on-line "how to"s and my old configs: Got the
new server kind of more-or-less running, the trick being in finding..

    filter = "(uid=%{mschap:User-Name})"

to get clients authenticating via ldap.  Then ran into the dreaded

    Info: [mschap] ERROR: User-Name (hostname\username) is not the
      same as MS-CHAP Name (username) from EAP-MSCHAPv2

Realms is not possible, because these are all workgroup
computers--not part of a domain.  So they all send
"HOSTNAME\\username", rather than just "username."

I can auth with a Linux Mint client, no problem.

Searching and searching: I finally ran across a Red Hat bug report
thread where RH claimed "It's a bug, it's been patched" and they
closed it.

So: *Was* it a bug and *has* it been squashed?  I have no problem
building and installing from a tarball, *if* it will fix the problem.

Note: My mail server employs *very* aggressive anti-spam
filtering.  If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <>.

More information about the Freeradius-Users mailing list