On 10/09/2024 12:28, Connor Herring wrote:
If I'm not mistaken this is set on the client side, however, how would I make it so that the anonymous username is sent as the outer identity and the real username is then sent as the inner identity? The server is functioning fine as it is, the TTLS tunnel gets initiated and by the looks of it the username and password are tunnelled within the tunnel and authenticated by PAP/MD5.
Supplicants generally have two boxes, one to enter "identity" and the other to enter "anonymous identity". Identity goes inside the tunnel (e.g. "user@realm"), anonymous identity (e.g. "@realm") goes in the outer. It's fully set by the client device, it can't be forced from the server. If there is no separate anonymous identity setting, then it can't be changed and both will be the same. -- Matthew