TTLS use_tunneled_reply and Mac OSX
Scott Armitage
S.P.Armitage at lboro.ac.uk
Wed Jul 20 15:27:17 CEST 2011
On 20 Jul 2011, at 13:39, Phil Mayers wrote:
> On 20/07/11 11:26, Scott Armitage wrote:
>> Hi,
>>
>> I have noticed that when authenticating using TTLS/MSCHAPv2 that the
>> outer-identity is used in the RADIUS reply packet even if the
>> use_tunneled_reply is set to yes for TTLS in eap.conf
>
> That's not what we see:
>
> [ttls] Using saved attributes from the original Access-Accept
> User-Name = "xxx"
> ...
> Sending Access-Accept of id 8 to 192.168.51.229 port 57353
> User-Name = "xxx"
>
> Can you show a debug?
I've attached a full debug. I notice that if I do a PEAP authentication I see the following:
[peap] Using saved attributes from the original Access-Accept
Reply-Message = "Authenticated by Test ORPS"
User-Name = "scott-test"
compared with TTLS which has:
[ttls] Using saved attributes from the original Access-Accept
Reply-Message = "Authenticated by Test ORPS"
>
>>
>> Does anyone know the reason for this?
>
> Are you using TLS session resumption?
Yes; however, I disabled TLS session resumption, tested again, and got the same results.
Thanks
Scott
-------------- next part --------------
A non-text attachment was scrubbed...
Name: radius-debug
Type: application/octet-stream
Size: 33496 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110720/ede9b2fb/attachment.obj>