Re: Error: User-Name is not the same as MS-CHAP name

2011-08-03 Thread broo0...@googlemail.com
Hi, I seem to have the same issue as described in this thread, I also have XP/Novell legacy clients, and I want to move to AD from eDir. Re: Error: User-Name is not the same as MS-CHAP name <https://lists.freeradius.org/pipermail/freeradius-users/2011-June/msg00070.html> The last mention

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Phil Mayers
On 03/06/11 15:09, Johan Meiring wrote: On 2011/06/03 02:15 PM, Phil Mayers wrote: I'm not downloading a torrent of copyrighted software to fix someone else's problem. As long as you don't get a key, it is legal. This is getting farcical... Not picking on any one specific person here, but

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Alan DeKok
Johan Meiring wrote: > As long as you don't get a key, it is legal. No. This list is not the place to discuss non-FreeRADIUS software. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Johan Meiring
On 2011/06/03 02:15 PM, Phil Mayers wrote: I'm not downloading a torrent of copyrighted software to fix someone else's problem. As long as you don't get a key, it is legal. -- Johan Meiring Cape PC Services CC Tel: (021) 883-8271 Fax: (021) 886-7782 Before acting on thi

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Phil Mayers
On 03/06/11 13:10, Paul Harris wrote: On 02/06/11 14:47, Francois Gaudreault wrote: Did you have a chance to look at it? Ironically I'm having trouble finding a windows XP install CD... I have a link to a torrent, just send me an email at pau...@mail.com Or not. I'm not downloading a

RE: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Paul Harris
On 02/06/11 14:47, Francois Gaudreault wrote: >>> >> Did you have a chance to look at it? > Ironically I'm having trouble finding a windows XP install CD... I have a link to a torrent, just send me an email at pau...@mail.com

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-03 Thread Phil Mayers
On 06/02/2011 10:39 PM, Fajar A. Nugraha wrote: On Thu, Jun 2, 2011 at 9:01 PM, Phil Mayers wrote: On 02/06/11 14:47, Francois Gaudreault wrote: Did you have a chance to look at it? Ironically I'm having trouble finding a windows XP install CD... This might help: Not really.

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-02 Thread Fajar A. Nugraha
On Thu, Jun 2, 2011 at 9:01 PM, Phil Mayers wrote: > On 02/06/11 14:47, Francois Gaudreault wrote: > >>> >> Did you have a chance to look at it? > > Ironically I'm having trouble finding a windows XP install CD... This might help: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=21eabb

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-02 Thread Phil Mayers
On 02/06/11 14:47, Francois Gaudreault wrote: Did you have a chance to look at it? Ironically I'm having trouble finding a windows XP install CD...

Re: Error: User-Name is not the same as MS-CHAP name

2011-06-02 Thread Francois Gaudreault
Hi Phil, What I really want to understand is, whether the check is too strict and FreeRADIUS should be fixed, or whether Windows XP is just buggy. I will try to check this tomorrow. e.g. maybe the check should be: if eap.username == mschap.username: ok elif not mschap.domain: if eap.stri

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-30 Thread Francois Gaudreault
Hi, On 11-05-30 9:55 AM, Phil Mayers wrote: On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote: There's no guarantee that STAFF\john and STUDENT\john are the same person; you can't just ignore the fact that the client has changed their username. True. But I don't think it

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-30 Thread ironrake
ss -Original Message- From: Phil Mayers Sender: freeradius-users-bounces+ironrake=yahoo@lists.freeradius.org Date: Mon, 30 May 2011 14:55:03 To: FreeRadius users mailing list Reply-To: FreeRadius users mailing list Subject: Re: Error: User-Name is not the same as MS-CHAP name On Mon, M

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-30 Thread Phil Mayers
On Mon, May 30, 2011 at 07:54:01AM -0400, Francois Gaudreault wrote: There's no guarantee that STAFF\john and STUDENT\john are the same person; you can't just ignore the fact that the client has changed their username. True. But I don't think it is possible to send a different Username in E

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-30 Thread Francois Gaudreault
Hi Phil, Forget about all that. Adding Realms and fiddling with the packet won't help; the check is hard-coded into the mschap module as a fairly obvious security measure. For example - suppose I have an environment with two separate domains: STAFF STUDENTS ...if the mschap module did *not

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-30 Thread Phil Mayers
On 05/29/2011 03:10 PM, Francois Gaudreault wrote: Hi Phil, On 11-05-29 6:16 AM, Phil Mayers wrote: Ok, so as before what we're seeing is that the host is sending STIC08862\TechRMC ...in the EAP-Identity response, but: TechRMC ...in the MSCHAP packet (the hex above decodes to that) This is

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-29 Thread Francois Gaudreault
Hi Phil, On 11-05-29 6:16 AM, Phil Mayers wrote: Ok, so as before what we're seeing is that the host is sending STIC08862\TechRMC ...in the EAP-Identity response, but: TechRMC ...in the MSCHAP packet (the hex above decodes to that) This is obviously broken, but here's where I get confused:

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-29 Thread Phil Mayers
On 05/28/2011 06:33 PM, Francois Gaudreault wrote: Sending tunneled request EAP-Message = 0x020700421a0207003d3187ddf68b18fb1dce4cdd5b001c06abc09a7812e4d4a1f425347de951e68fac50054fd8ff32d403fa0054656368524d43 FreeRADIUS-Proxied-To = 127.0.0.1 User-Name

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-28 Thread Francois Gaudreault
Hi, Here is the complete debug log : rad_recv: Access-Request packet from host 10.220.30.5 port 29010, id=194, length=179 User-Name = "STIC08862\\TechRMC" NAS-IP-Address = 10.220.30.5 NAS-Port = 0 Called-Station-Id = "58-16-26-AA-F7-A1:AVAYA-RESEAU" Call

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-28 Thread Francois Gaudreault
Hi Phil, and Alan, I will get you the debug output for Windows XP SP3 boxes (likely Monday). I will summarise what we have. Basically, this is a setup where the client is using eDirectory to authorize the users using the rlm_ldap module. On the windows boxes, it is configured to do PEAP usin

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-28 Thread Phil Mayers
On 05/27/2011 09:04 PM, Francois Gaudreault wrote: Hi, I had a look at this issue with him since he is one of our clients. Machine authentications are working flawlessly, windows 7 authentication as well (no hostname is sent with the username). I honestly lost track of this issue; the guy had s

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-27 Thread Alan DeKok
Francois Gaudreault wrote: > We are using mschap:user-name in the LDAP filter and in the ntlm_auth > line. Again, we are *NOT* rewriting the User-Name. > > We need other ideas here. Post the debug output. Alan DeKok.

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-27 Thread Francois Gaudreault
Hi, I had a look at this issue with him since he is one of our clients. Machine authentications are working flawlessly, windows 7 authentication as well (no hostname is sent with the username). The problem is when the HOSTNAME is sent along with the username under windows XP. I tried to set a

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Alan DeKok
Robert Mc Cready wrote: > The host names are not domain names, they are computer account names, and we > have hundreds of them. We only use the MS Domain to authenticate the > computer accounts, not the users. Well... re-writing the names in the "inner-tunnel" server is breaking authentication.

RE: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Robert Mc Cready
Here it is: FreeRADIUS Debugging Output This colorized output was produced by an automated tool from Network RADIUS Packet 0 ra

RE: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Robert Mc Cready
s.org [mailto:freeradius-users-bounces+robert-mccready=cspi.qc.ca@lists.freeradius.org] On behalf of Alan DeKok Sent: 10 May 2011 10:49 To: FreeRadius users mailing list Subject: Re: Error: User-Name is not the same as MS-CHAP name Robert Mc Cready wrote: > If the User-Name is being rewritten i

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Alan DeKok
Robert Mc Cready wrote: > If the User-Name is being rewritten it is not intentional. Well... it's obviously someone you've changed, because it doesn't happen in the default configuration. > Now, I reinstalled from scratch, saved the default configuration, joined the > server to the domain, modifie

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Phil Mayers
On 05/10/2011 03:35 PM, Robert Mc Cready wrote: If the User-Name is being rewritten it is not intentional. Now, I reinstalled from scratch, saved the default configuration, joined the server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and inner-tunnel and ran diff. I can see in

RE: Error: User-Name is not the same as MS-CHAP name

2011-05-10 Thread Robert Mc Cready
If the User-Name is being rewritten it is not intentional. Now, I reinstalled from scratch, saved the default configuration, joined the server to the domain, modified clients.conf, attr_rewrite, ldap, mschap and inner-tunnel and ran diff. I can see in the debug output of the server that User-Name = "

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-09 Thread Alan DeKok
Robert Mc Cready wrote: > I do not rewrite the User-name attribute; I rewrite only the > Stripped-User-Name attribute with these: No. Go READ the debug log you posted. The "inner-tunnel" virtual server gets: Sending tunneled request EAP-Message = 0x020800421a0208003d314cc241739d871a4cb33b63386

RE: Error: User-Name is not the same as MS-CHAP name

2011-05-09 Thread Robert Mc Cready
I do not rewrite the User-name attribute; I rewrite only the Stripped-User-Name attribute with these: attr_rewrite copy.user-name { attribute = Stripped-User-Name new_attribute = yes searchfor = "" searchin = packet rep

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-08 Thread Phil Mayers
On 05/07/2011 07:50 PM, Robert Mc Cready wrote: The "MS-CHAP-Use-NTLM-Auth := no" did the job but I still have one problem with Windows XP clients, I get a " [mschap] ERROR: User-Name (CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from EAP-MSCHAPv2". Users log on locally, the hos

Re: Error: User-Name is not the same as MS-CHAP name

2011-05-07 Thread Daniel Deptuła
On 2011-05-07 20:50, Robert Mc Cready wrote: The "MS-CHAP-Use-NTLM-Auth := no" did the job but I still have one problem with Windows XP clients, I get a " [mschap] ERROR: User-Name (CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from EAP-MSCHAPv2". Users log on locally, th

Error: User-Name is not the same as MS-CHAP name

2011-05-07 Thread Robert Mc Cready
The "MS-CHAP-Use-NTLM-Auth := no" did the job but I still have one problem with Windows XP clients, I get a " [mschap] ERROR: User-Name (CAD08862\ldapuser) is not the same as MS-CHAP Name (ldapuser) from EAP-MSCHAPv2". Users log on locally, the host name is not a domain name. Windows 7 clients wor