Re: Error: User-Name is not the same as MS-CHAP name

2011-05-07 Thread Daniel Deptuła

On 2011-05-07 20:50, Robert Mc Cready wrote:


The "MS-CHAP-Use-NTLM-Auth := no"  did the job but I still have one 
problem with Windows XP clients, I get a " [mschap] ERROR: User-Name 
(CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from 
EAP-MSCHAPv2". Users log on locally, the host name is not a domain 
name. Windows 7 clients work fine because they send only the username. 
I do some rewrites so I can get the username for the LDAP 
authentication and the computer's name for computer account 
authentication (I'm not familiar with unlang yet). We use FR 2.1.10.


Any idea how to fix this?



Try to uncomment the ntdomain line in the authorize section of the site 
configuration. This will split the realm (computer name) and login. 
Maybe you'll also need to set with_ntdomain_hack = yes in the mschap 
module configuration.


Daniel

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
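
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the prefix split that ntdomain performs and of the name comparison behind the error quoted above, plus the RFC 2759 ChallengeHash to show why the bare user name is the one that must be used. The function names, the 16-byte challenges and the exact-match comparison are assumptions made for illustration.

```python
import hashlib


def split_ntdomain(user_name):
    """Prefix-realm split on the first backslash: 'HOST\\user' -> ('HOST', 'user')."""
    realm, sep, user = user_name.partition("\\")
    return (realm, user) if sep else (None, user_name)


def challenge_hash(peer_challenge, auth_challenge, user_name):
    """RFC 2759 ChallengeHash: first 8 octets of SHA1(peer || auth || UserName)."""
    data = peer_challenge + auth_challenge + user_name.encode("ascii")
    return hashlib.sha1(data).digest()[:8]


def names_match(user_name, mschap_name, with_ntdomain_hack):
    """Simplified model (assumption) of the User-Name vs MS-CHAP Name check."""
    if with_ntdomain_hack:
        _, user_name = split_ntdomain(user_name)
    return user_name == mschap_name


# Constructed sample values: the two names come from the error message in the
# post, the challenges are arbitrary 16-byte strings.
USER_NAME = "CAD08862\\ldapuser"   # what the Windows XP client puts in User-Name
MSCHAP_NAME = "ldapuser"           # name inside the EAP-MSCHAPv2 response
PEER = bytes(range(16))
AUTH = bytes(range(16, 32))


def demo():
    realm, user = split_ntdomain(USER_NAME)
    return {
        "realm": realm,
        "stripped_user": user,
        "match_without_hack": names_match(USER_NAME, MSCHAP_NAME, False),
        "match_with_hack": names_match(USER_NAME, MSCHAP_NAME, True),
        # Hashing the domain-qualified name yields a different challenge than
        # the one the client derived from the bare name.
        "same_challenge": challenge_hash(PEER, AUTH, USER_NAME)
        == challenge_hash(PEER, AUTH, user),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
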

Re: EAP-TLS + Symbian = weird behaviour

2011-04-10 Thread Daniel Deptuła

On 2011-04-10 14:25, Zeus V Panchenko wrote:

Daniel Deptuła (daniel.dept...@gmail.com) [11.04.10 14:16] wrote:

...
the same device works fine (getting authorized well) via one AP in my
LAN and remote VPN, but receiving
...

Have you installed the CA certificate on the phones?? You can check it
probably somewhere in Menu -> Settings -> Phone -> Phone management ->
Security -> Certificates management.
For example in Nokia 5800 there are only VeriSign's CA certs installed
by default.


as written above, *the_same_device* with 
*the_same_certificates_(CA_and_personal)*
works via one AP but not via another ...

it is worth mentioning that, as written, the last packet from
radiusd is a challenge, after which "EAP session for state ... did not finish!"
appears ... while other OSes work perfectly at any point.



I assume SSIDs for both WLANs are the same. Have you tried to connect 
the remote AP in your LAN? Maybe Nokia saves something about a certain 
AP in the network profile? Or maybe there's a problem with timeouts or 
packet fragmentation caused by the VPN tunnel...


Daniel


Re: EAP-TLS + Symbian = weird behaviour

2011-04-10 Thread Daniel Deptuła

On 2011-04-10 11:08, Zeus V Panchenko wrote:

Hi,

may somebody advise, please

i have:

uname

FreeBSD 8.1-RELEASE amd64


radiusd -v

radiusd: FreeRADIUS Version 2.1.10, for host amd64-portbld-freebsd8.1,
built on Apr  4 2011 at 22:44:15

radiusd configured with EAP-TLS only and works fine with xNIX-es,
WinXP, Android and Maemo

with Symbian (Nokia E51, E52) i face much weird picture ...

the same device works fine (getting authorized well) via one AP in my
LAN and remote VPN, but receiving

!!
!! EAP session for state ... did not finish!
!! Please read http://wiki.freeradius.org/Certificate_Compatibility
!!

via another AP (in remote VPN, while other OS still authorized well)

AP are the same models and configured the same way

what can cause this behaviour?



Have you installed the CA certificate on the phones?? You can check it 
probably somewhere in Menu -> Settings -> Phone -> Phone management -> 
Security -> Certificates management.
For example in Nokia 5800 there are only VeriSign's CA certs installed 
by default.


Daniel
