Difference between local and external in inner-tunnel
alan buxey
A.L.M.Buxey at lboro.ac.uk
Fri Jun 15 12:02:29 CEST 2012
Hi,
> Our FR is doing EAP most of the time, and it's working fine.
> However, we would want our NAS to see the inner true User-Name, not the
> outer one. I know this can be set in the inner-tunnel post-auth section
> uncommenting the update outer.reply lines, but that exposes our users'
> inner User-Name to proxied-to-us authentications.
>
> So my question is: Which attributes should I check to tell apart local and
> external auths?
you can add an attribute (and local one you want) to the request/reply in the inner-tunnel
and then see that request in the outer tunnel - so local users can be seen/verified via that
local internal attribute as remote auths wouldnt have that attribute
alan
More information about the Freeradius-Users
mailing list