Change username for MSCHAPv2

Alan DeKok aland at
Mon Jul 3 14:36:17 CEST 2017

> On Jul 3, 2017, at 8:28 AM, Gabriele Verzeletti <gabriele at> wrote:
> Using Stripped-User-Name was one of my first try.
> I got this error

  Did you try using the default configuration for the mschap module?  Which has Stripped-User-Name in it?  And which works?

> eap_mschapv2: # Executing group from file /etc/raddb/sites-enabled/inner-tunnel
> (8) eap_mschapv2:   Auth-Type MS-CHAP {
> (8) mschap: Creating challenge hash with username: /user/@/
> (8) mschap: Client is using MS-CHAPv2
> (8) mschap: Executing: /usr/bin/ntlm_auth --request-nt-key --username=%{%{mschap:Stripped-User-Name}:-None} --challenge=%{%{mschap:Challenge}:-00} --nt-response=%{%{mschap:NT-Response}:-00}:
> (8) mschap: ERROR: Unknown expansion string 'Stripped-User-Name' <--------------------------- UNKNOWN !!!!!

  Yes... the default configuration has %{Stripped-User-Name}.  Not %{mschap:Stripped-User-Name}.

  Why did you edit the default configuration and break it?

  Alan DeKok.

More information about the Freeradius-Users mailing list