Hello, While trying to authenticate an XP-Supplicant with PEAP and with_ntdomain_hack set to yes I get the following in my log:
rlm_eap: Identity does not match User-Name, setting from EAP Identity. In this case, the EAP Identitiy is 'MARVIN\\michael' and the User-Name is 'michael', because it got stripped in rlm_preprocess. Should this check really prevent EAP from working with_ntdomain_hack? Regards, Michael Here is a snippet from my log: rad_recv: Access-Request packet from host 192.168.100.23:192, id=10, length=129 User-Name = "MARVIN\\michael" NAS-IP-Address = 192.168.100.23 Calling-Station-Id = "00054e41f342" Called-Station-Id = "00022d196c54" NAS-Identifier = "AP1000" NAS-Port-Type = Wireless-802.11 Framed-MTU = 1400 EAP-Message = 0x02010013014d415256494e5c6d69636861656c Message-Authenticator = 0x468e5d01735251be458ac33dc6f74c5b modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 rlm_eap: EAP packet type response id 1 length 19 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 rlm_realm: No '@' in User-Name = "michael", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 0 users: Matched DEFAULT at 202 modcall[authorize]: module "files" returns ok for request 0 rlm_passwd: Added LM-Password: '8C6F5D02DEB21501AAD3B435B51404EE' to config_items rlm_passwd: Added NT-Password: 'E0FBA38268D0EC66EF1CB452D5885E53' to config_items rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U ]' to config_items rlm_passwd: Adding Auth-Type: EAP modcall[authorize]: module "etc_smbpasswd" returns ok for request 0 modcall[authorize]: module "mschap" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP rad_check_password: Found Auth-Type EAP Warning: Found 2 auth-types on request for user 'michael' auth: type "EAP" modcall: entering group authenticate for request 0 rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Login incorrect: [michael] (from client 192.168.100.23 port 0 cli 00054e41f342) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html