TTLS use_tunneled_reply and Mac OSX

Scott Armitage S.P.Armitage at lboro.ac.uk
Wed Jul 20 15:31:44 CEST 2011


On 20 Jul 2011, at 12:49, Alexander Clouter wrote:

> Scott Armitage <S.P.Armitage at lboro.ac.uk> wrote:
>> 
>> I have noticed that when authenticating using TTLS/MSCHAPv2 that the 
>> outer-identity is used in the RADIUS reply packet even if the 
>> use_tunneled_reply is set to yes for TTLS in eap.conf
>> 
>> Does anyone know the reason for this?
>> 
> TLS session resumption?  

I am, but have tested with it off and get the same result.

> Also TTLS/MSCHAPv2 is possibly for you actually 
> TTLS/EAP-MSCHAPv2 which means you get in effect an inner-inner tunnel if 
> I remember correctly.
> 
> Have a nosey at:
> 
> http://www.mail-archive.com/freeradius-users@lists.freeradius.org/msg71026.html
> 

Thanks, for the link.  I could force the user-name in the reply, as suggested, with some rewriting of attributes.  I was mostly just wondering why TTLS behaved in this way.

Scott

-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 203 bytes
Desc: This is a digitally signed message part
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110720/ab99a6c3/attachment.pgp>


More information about the Freeradius-Users mailing list