> I created once again certs by myself, giving common name for user cert the > same like in example > u...@example.com, I place them on xp client - both of them looks ok, > now something is happening (anyway like Aragorn said: "still not king"): > > > Ready to process requests. > rad_recv: Access-Request packet from host 192.168.5.206 port 1812, id=206, > length=147 ... > User-Name = "u...@example.com" ... > [suffix] Found realm "example.com" > [suffix] Adding Stripped-User-Name = "user" > [suffix] Adding Realm = "example.com" > [suffix] Proxying request from user user to realm example.com > [suffix] Preparing to proxy authentication request to realm "example.com" > ++[suffix] returns updated ... > Sending Access-Request of id 14 to 127.0.0.1 port 1812 ... > User-Name = "user" ... > Found Auth-Type = EAP > +- entering group authenticate {...} > [eap] Identity does not match User-Name, setting from EAP Identity. ...
Don't strip the username. Why do you proxy this anyway? Create it as a local realm: realm example.com { } Ivan Kalik Kalik Informatika ISP - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html