Not able to receive inner identity in Access-Accept in EAP-TTLS.
Axel Luttgens
axel.luttgens at skynet.be
Fri Aug 29 00:18:37 CEST 2014
Le 28 août 2014 à 21:37, Alan DeKok a écrit :
> [...]
> That's what I said. Don't update the outer reply. Update the inner
> reply.
Hello Alan,
Sorry for not having been able to read between the lines...
> Then, "use_tunneled_reply" should copy the inner reply to the
> outer reply.
... but then, yes, with:
use_tunneled_reply = yes
in eap's config and:
update reply {
User-Name = "%{request:User-Name}"
}
at the end of inner tunnel's post-auth section, everything seems to be working as expected.
If I may allow... the comment (suggestion) in raddb/sites-available/inner-tunnel is terribly disturbing:
# If you still want to use the inner tunnel User-Name then
# uncomment the section below, otherwise you may want
# to use Chargeable-User-Identity attribute from RFC 4372.
# See further on.
#update outer.reply {
# User-Name = "%{request:User-Name}"
#}
Thanks again,
Axel
More information about the Freeradius-Users
mailing list