EAP Identity and with_ntdomain_hack broken?

Fri, 16 Jan 2004 06:29:10 -0800 

Hello,
While trying to authenticate an XP-Supplicant with PEAP and
with_ntdomain_hack set to yes I get the following in my log:

rlm_eap: Identity does not match User-Name, setting from EAP Identity.

In this case, the EAP Identitiy is 'MARVIN\\michael' and the User-Name
is 'michael', because it got stripped in rlm_preprocess.

Should this check really prevent EAP from working with_ntdomain_hack?

Regards,
  Michael

Here is a snippet from my log:
rad_recv: Access-Request packet from host 192.168.100.23:192, id=10, length=129
        User-Name = "MARVIN\\michael"
        NAS-IP-Address = 192.168.100.23
        Calling-Station-Id = "00054e41f342"
        Called-Station-Id = "00022d196c54"
        NAS-Identifier = "AP1000"
        NAS-Port-Type = Wireless-802.11
        Framed-MTU = 1400
        EAP-Message = 0x02010013014d415256494e5c6d69636861656c
        Message-Authenticator = 0x468e5d01735251be458ac33dc6f74c5b
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  rlm_eap: EAP packet type response id 1 length 19
  rlm_eap: No EAP Start, assuming it's an on-going EAP conversation
  modcall[authorize]: module "eap" returns updated for request 0
    rlm_realm: No '@' in User-Name = "michael", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 0
    users: Matched DEFAULT at 202
  modcall[authorize]: module "files" returns ok for request 0
rlm_passwd: Added LM-Password: '8C6F5D02DEB21501AAD3B435B51404EE' to config_items
rlm_passwd: Added NT-Password: 'E0FBA38268D0EC66EF1CB452D5885E53' to config_items
rlm_passwd: Added SMB-Account-CTRL-TEXT: '[U          ]' to config_items
rlm_passwd: Adding Auth-Type: EAP
  modcall[authorize]: module "etc_smbpasswd" returns ok for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
modcall: group authorize returns updated for request 0
  rad_check_password:  Found Auth-Type EAP
  rad_check_password:  Found Auth-Type EAP
Warning:  Found 2 auth-types on request for user 'michael'
auth: type "EAP"
modcall: entering group authenticate for request 0
rlm_eap: Identity does not match User-Name, setting from EAP Identity.
  rlm_eap: Failed in handler
  modcall[authenticate]: module "eap" returns invalid for request 0
modcall: group authenticate returns invalid for request 0
auth: Failed to validate the user.
Login incorrect: [michael] (from client 192.168.100.23 port 0 cli 00054e41f342)

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to