Hello Chris,
Local realms should be defined as empty in raddb/proxy.conf. E.g.:
myrealm {
}
Your current erroneous setting
realm myrealm {
auth_pool = mypool
}
leads to stripping realm part from User-Name and proxying request to
127.0.0.1.
If you want to completely ignore realm presence in User-Name you need to
use %{%{Stripped-User-Name}:-%{User-Name}} instead of %{User-Name}.
E.g., in rlm_sql configuration:
sql {
...
sql_user_name = "%{%{Stripped-User-Name}:-%{User-Name}}"
...
}
Christopher Manigan wrote:
Hi, I am trying to get EAP MSCHAPv2 working with realms. When I authenticate
without using a realm prefix, MSCHAPv2 works ok. Once I add a realm prefix in
to the mix, I get radius rejection. Below is radius running in debug with a
user failing to authenticate. I see this buried in the debug but am unsure how
to troubleshoot or correct:
[eap] Identity does not match User-Name, setting from EAP Identity.
[eap] Failed in handler
++[eap] returns invalid
Failed to authenticate the user.
Using Post-Auth-Type Reject
Here is the radius debug, with some information changed or removed to keep it
anonymous:
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html