16 Jan
2008
16 Jan
'08
8:19 a.m.
Thierry CHICH wrote:
I have an access-point, and I want use EAP/TTLS in order to authenticate people on my LDAP server. The first time, I had then something like that: ... in my intel proset, if I am giving a false identity in my roaming profile with a good identity and a good password, it is working. The authorization step doesn't work as I want. The most important problem is that the accounting is using my roaming profile.
Yes. The outer identity is often "anonymous", and does not matter for authentication. If you set the User-Name in the Access-Accept, the NAS *should* use that name for accounting, and not the name from the outer identity. Alan DeKok.