On May 6, 2020, at 5:20 AM, JAVIER SANDOVAL <javier_sandoval_ldc@yahoo.es> wrote:
Very interesting your speech but nothing to do with the real thing.
This is fundamentally a communication problem. You're not saying what you're doing, and you're misunderstanding what I say. When I say "the other end won't do what you want", your conclusion should *not* be "FreeRADIUS can't do it". That's not what I said. Such a response is not appropriate.
I have the setup working with a different AAA solution in the market, there is zero problems for the windows VPN clients to work when Radius send the identity-Request. It definitely works perfectly.
Post PCAP files.
I have neither ideas nor opinions about EAP.
That's clearly not true. I suggest telling the truth.
asking for the EAP-identity it is quite normal for several uses-cases and its is quite clear at the RFCs.
Will the other end *change* it's identity response as you were implying? Or, send back the same response as I suggested? The RFCs absolutely do not say "Oh, if you ask *enough*, then the other end will send you the *real* identity you want".
For different reasons, I needed to asses the possibility of this use-case with Freeradius, that was all.
Freeradius is not a problem at all. I like it, I was just asking about the integration with this use-case and asking for advice.
FreeRADIUS can do just about anything. You *can* make FreeRADIUS do whatever you want, including sending EAP-Identity requests. Alan DeKok.