ERROR: User-Name ... is not the same as MS-CHAP Name
Jim Seymour
jseymour at LinxNet.com
Fri Oct 2 02:25:50 CEST 2015
Hi All,
FreeRADIUS version 2.1.12 (2.1.12+dfsg-1.2ubuntu8.1)
Ubuntu 14.04.3 LTS
OpenLDAP 2.4.31
Goal is to use existing sambaLMPassword/sambaNTPassword/sambaEtc. in
OpenLDAP server data, to authenticate wireless clients--mostly running
MS-Win7. Some MS-WinXP. A few Linux clients.
Old version was FreeRADIUS 1.1.1, built from a tarball, running on a
Sun Sparc Solaris box, working against an older version of OpenLDAP
and Samba. Worked like a champ. Still working.
Referring to various on-line "how to"s and my old configs: Got the
new server kind of more-or-less running, the trick being in finding..
filter = "(uid=%{mschap:User-Name})"
to get clients authenticating via ldap. Then ran into the dreaded
Info: [mschap] ERROR: User-Name (hostname\username) is not the
same as MS-CHAP Name (username) from EAP-MSCHAPv2
Realms is not possible, because these are all workgroup
computers--not part of a domain. So they all send
"HOSTNAME\\username", rather than just "username."
I can auth with a Linux Mint client, no problem.
Searching and searching: I finally ran across a Red Hat bug report
thread where RH claimed "It's a bug, it's been patched" and they
closed it.
So: *Was* it a bug and *has* it been squashed? I have no problem
building and installing from a tarball, *if* it will fix the problem.
Thanks,
Jim
--
Note: My mail server employs *very* aggressive anti-spam
filtering. If you reply to this email and your email is
rejected, please accept my apologies and let me know via my
web form at <http://jimsun.LinxNet.com/contact/scform.php>.
More information about the Freeradius-Users
mailing list