Hi,
I seem to have the same issue as described in this thread, I also have
XP/Novell legacy clients, and I want to move to AD from eDir.
Re: Error: User-Name is not the same as MS-CHAP name
https://lists.freeradius.org/pipermail/freeradius-users/2011-June/msg00070.html
The last mention I can see
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me an email at pau...@mail.com
-
List info/subscribe/unsubscribe? See
On 03/06/11 13:10, Paul Harris wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
I have a link to a torrent, just send me an email at pau...@mail.com
Or not.
I'm not downloading a
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone else's
problem.
As long as you don't get a key, it is legal.
--
Johan Meiring
Cape PC Services CC
Tel: (021) 883-8271
Fax: (021) 886-7782
Before acting on
Johan Meiring wrote:
As long as you don't get a key, it is legal.
No.
This list is not the place to discuss non-FreeRADIUS software.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On 03/06/11 15:09, Johan Meiring wrote:
On 2011/06/03 02:15 PM, Phil Mayers wrote:
I'm not downloading a torrent of copyrighted software to fix someone
else's
problem.
As long as you don't get a key, it is legal.
This is getting farcical...
Not picking on any one specific person here, but
Hi Phil,
What I really want to understand is, whether the check is too strict
and FreeRADIUS should be fixed, or whether Windows XP is just buggy.
I will try to check this tomorrow.
e.g. maybe the check should be:
if eap.username == mschap.username:
ok
elif not mschap.domain:
if
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
On Thu, Jun 2, 2011 at 9:01 PM, Phil Mayers p.may...@imperial.ac.uk wrote:
On 02/06/11 14:47, Francois Gaudreault wrote:
Did you have a chance to look at it?
Ironically I'm having trouble finding a windows XP install CD...
This might help:
On 05/29/2011 03:10 PM, Francois Gaudreault wrote:
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This
Hi Phil,
Forget about all that. Adding Realms and fiddling with the packet
won't help; the check is hard-coded into the mschap module as a fairly
obvious security measure.
For example - suppose I have an environment with two separate domains:
STAFF
STUDENTS
...if the mschap module did
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john are the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it is possible to send a different Username in
: Re: Error: User-Name is not the same as MS-CHAP name
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john are the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think
Hi,
On 11-05-30 9:55 AM, Phil Mayers wrote:
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote:
There's no guarantee that STAFF\john and STUDENT\john are the same
person; you can't just ignore the fact that the client has changed
their username.
True. But I don't think it
On 05/28/2011 06:33 PM, Francois Gaudreault wrote:
Sending tunneled request
EAP-Message =
0x020700421a0207003d3187ddf68b18fb1dce4cdd5b001c06abc09a7812e4d4a1f425347de951e68fac50054fd8ff32d403fa0054656368524d43
FreeRADIUS-Proxied-To = 127.0.0.1
User-Name
Hi Phil,
On 11-05-29 6:16 AM, Phil Mayers wrote:
Ok, so as before what we're seeing is that the host is sending
STIC08862\TechRMC
...in the EAP-Identity response, but:
TechRMC
...in the MSCHAP packet (the hex above decodes to that)
This is obviously broken, but here's where I get confused:
On 05/27/2011 09:04 PM, Francois Gaudreault wrote:
Hi,
I had a look at this issue with him since he is one of our clients.
Machine authentications are working flawlessly, windows 7 authentication
as well (no hostname is sent with the username).
I honestly lost track of this issue; the guy had
Hi Phil, and Alan,
I will get you the debug output for Windows XP SP3 boxes (likely Monday).
I will summarise what we have. Basically, this is a setup where the
client is using eDirectory to authorize the users using the rlm_ldap
module. On the windows boxes, it is configured to do PEAP
Hi,
Here is the complete debug log :
rad_recv: Access-Request packet from host 10.220.30.5 port 29010,
id=194, length=179
User-Name = STIC08862\\TechRMC
NAS-IP-Address = 10.220.30.5
NAS-Port = 0
Called-Station-Id = 58-16-26-AA-F7-A1:AVAYA-RESEAU
Hi,
I had a look at this issue with him since he is one of our clients. Machine
authentications are working flawlessly, windows 7 authentication as well (no
hostname is sent with the username).
The problem is when the HOSTNAME is sent along with the username under windows
XP. I tried to set a
Francois Gaudreault wrote:
We are using mschap:user-name in the LDAP filter and in the ntlm_auth
line. Again, we are *NOT* rewriting the User-Name.
We need other ideas here.
Post the debug output.
Alan DeKok.
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see in the debug output of the server that
User-Name =
On 05/10/2011 03:35 PM, Robert Mc Cready wrote:
If the User-Name is being rewritten it is not intentional.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and
inner-tunnel and ran diff. I can see
Robert Mc Cready wrote:
If the User-Name is being rewritten it is not intentional.
Well... it's obviously something you've changed, because it doesn't
happen in the default configuration.
Now, I reinstalled from scratch, save the default configuration, join the
server to the domain, modified
[mailto:freeradius-users-bounces+robert-mccready=cspi.qc.ca@lists.freeradius.org] On behalf of Alan DeKok
Sent: 10 May 2011 10:49
To: FreeRadius users mailing list
Subject: Re: Error: User-Name is not the same as MS-CHAP name
Robert Mc Cready wrote:
If the User-Name is being rewritten
Here it is:
FreeRADIUS Debugging Output
This colorized output was produced by an automated tool from Network RADIUS
Packet 0
Robert Mc Cready wrote:
The host name are not domain names, there are computers account name, and we
have hundreds of them . We only use the MS Domain to authenticate the
computers account, not the users.
Well... re-writing the names in the inner-tunnel server is breaking
authentication.
I do not rewrite the User-name attribute I rewrite only the
Stripped-User-Name attribute with these:
attr_rewrite copy.user-name {
attribute = Stripped-User-Name
new_attribute = yes
searchfor =
searchin = packet
Robert Mc Cready wrote:
I do not rewrite the User-name attribute I rewrite only the
Stripped-User-Name attribute with these:
No. Go READ the debug log you posted. The inner-tunnel virtual
server gets:
Sending tunneled request
EAP-Message =
On 05/07/2011 07:50 PM, Robert Mc Cready wrote:
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one
problem with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally, the host
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one problem
with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally, the host name is not a domain name.
Windows 7 clients work
On 2011-05-07 20:50, Robert Mc Cready wrote:
The MS-CHAP-Use-NTLM-Auth := no did the job but I still have one
problem with Windows XP clients, I get a [mschap] ERROR: User-Name
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from
EAP-MSCHAPv2. Users log on locally, the
32 matches