Masquerading MSCHAPv2 User-Name?

Alan DeKok aland at
Sat Feb 20 12:22:07 CET 2021

On Feb 20, 2021, at 2:16 AM, David Herselman via Freeradius-Users <freeradius-users at> wrote:
> Hi Alan,
> Changing the key in mods-enabled/files unfortunately results in the group checks then failing. It appears 'Group ==' checks require 'User-Name' to be set. Is this possibly a bug?


  The Group attribute does lookups in Unix groups, based on User-Name.  This is documented.

  If there's no User-Name, then the Group lookups can't happen.

  And... if these group lookups are failing, then there's no User-Name in the Access-Request.  How does that happen?  It's *always* supposed to be included!

  Alan DeKok.

More information about the Freeradius-Users mailing list