debug afone wrote:
Hi,
I've got a new problem when I try to authenticate a Windows Vista client
with Freeradius.
Vista sends to the radius a User-Name like DOMAIN\USER.
When I use nt_domain_hack or the realm ntdomain, the domain disappear from
the User-Name attribute.
The authentication goes on, the login/password match in LDAP database but
EAP fails. Here's a trace :
rlm_ldap: user nsouleman authorized to use remote access
rlm_ldap: ldap_release_conn: Release Id: 0
modcall[authorize]: module "ldap" returns ok for request 3
modcall: leaving group authorize (returns updated) for request 3
rad_check_password: Found Auth-Type EAP
auth: type "EAP"
Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 3
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
modcall[authenticate]: module "eap" returns invalid for request 3
modcall: leaving group authenticate (returns invalid) for request 3
auth: Failed to validate the user.
As you can see, ldap module returns OK but I have this message just after :
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
Does anybody help me ?
Thanks.
Nicolas SOULEMAN.
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
rlm_eap: Failed in handler
User-Name attribute in Access-Accept packet must match EAP-Identity
encoded in EAP Packets, but can be different from identity used in the
EAP method.
--
Arran Cudbard-Bell ([EMAIL PROTECTED])
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
