My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works fine but some users are being rejected because their wireless client allows the setting of an outer identity: anonymous or something else, which is not a valid username. So it's being rejected. How do I get the inner identity which contains a valid username to be processed instead of the outer identity. I've seen some posts about using* Autz-type INNER* options but have merely succeded in breaking my test system when tryng it out. At present this is my users file: #If you are not in either group, no access is allowed #FreeRADIUS 2.1 #These are the groups we are checking for Lunar Building staff DEFAULT Ldap-Group == "lunar-staff" Aruba-User-Role = "employee" DEFAULT Ldap-Group == "lunar-member" Aruba-User-Role = "member" DEFAULT SQL-Group == "Guests" Aruba-User-Role = "guest" DEFAULT Ldap-group != "lunar-staff", Auth-Type := Reject DEFAULT Ldap-group != "lunar-member", Auth-Type := Reject #End