hi, i found the same question and also this topic already on the mailinglist, but no solution which works for me. i'm already debugging this thing the whole day, without any solution.
i'm using 802.1x with clients: winXP sp2 method: EAP-MSCHAPv2 server: 2.0.0-pre1 it works all fine, as long as i'm not supply any domain-name. if i supply a domain-name it immediately fails with rlm_eap: Identity does not match User-Name, setting from EAP Identity. could anybody help me with that? and yes, there is no entry in "users" for EAP. thx michael ****************** * DEBUG LOG ****************** rad_recv: Access-Request packet from host 192.168.0.240 port 1645, id=66, length=149 User-Name = "DOMAINXYZ\\mipa" Service-Type = Framed-User Framed-MTU = 1500 Called-Station-Id = "00-1A-E2-D8-3D-81" Calling-Station-Id = "00-80-C8-39-16-92" EAP-Message = 0x0202001601454e54455250524953455c7061747a6572 Message-Authenticator = 0xfe2f2b31d8a812b6338524fe5618414e NAS-Port-Type = Ethernet NAS-Port = 50001 NAS-IP-Address = 192.168.0.240 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module "preprocess" returns ok for request 0 modcall[authorize]: module "chap" returns noop for request 0 modcall[authorize]: module "mschap" returns noop for request 0 rlm_eap: EAP packet type response id 2 length 22 rlm_eap: No EAP Start, assuming it's an on-going EAP conversation modcall[authorize]: module "eap" returns updated for request 0 modcall[authorize]: module "files" returns noop for request 0 perl_pool: item 0x816a2d8 asigned new request. Handled so far: 1 found interpetator at address 0x816a2d8 rlm_perl: Added pair NAS-Port-Type = Ethernet rlm_perl: Added pair Service-Type = Framed-User rlm_perl: Added pair Calling-Station-Id = 00-80-C8-39-16-92 rlm_perl: Added pair Called-Station-Id = 00-1A-E2-D8-3D-81 rlm_perl: Added pair Message-Authenticator = 0xfe2f2b31d8a812b6338524fe5618414e rlm_perl: Added pair User-Name = DOMAINXYZ\\mipa rlm_perl: Added pair EAP-Message = 0x0202001601454e54455250524953455c7061747a6572 rlm_perl: Added pair EAP-Type = Identity rlm_perl: Added pair NAS-IP-Address = 192.168.0.240 rlm_perl: Added pair NAS-Port = 50001 rlm_perl: Added pair Framed-MTU = 1500 rlm_perl: Added pair Auth-Type = EAP perl_pool total/active/spare [32/0/32] Unreserve perl at address 0x816a2d8 modcall[authorize]: module "perl" returns ok for request 0 modcall[authorize]: module "expiration" returns noop for request 0 modcall[authorize]: module "logintime" returns noop for request 0 modcall: group authorize returns updated for request 0 rad_check_password: Found Auth-Type EAP auth: type "EAP" Processing the authenticate section of radiusd.conf modcall: entering group authenticate for request 0 rlm_eap: Identity does not match User-Name, setting from EAP Identity. rlm_eap: Failed in handler modcall[authenticate]: module "eap" returns invalid for request 0 modcall: group authenticate returns invalid for request 0 auth: Failed to validate the user. Found Post-Auth-Type Processing the post-auth section of radiusd.conf modcall: entering group REJECT for request 0 radius_xlat: 'DOMAINXYZ\\mipa' attr_filter: Matched entry DEFAULT at line 11 modcall[post-auth]: module "attr_filter.access_reject" returns updated for request 0 modcall: group REJECT returns updated for request 0 Delaying request 0 for 1 seconds Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 1 seconds... --- Walking the entire request list --- Sending Access-Reject of id 66 to 192.168.0.240 port 1645 Waking up in 4 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 66 with timestamp 475edfcb Nothing to do. Sleeping until we see a request. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html