Hi Team, Is there a way using which NAS can identify whether client has used anonymous identity OR not used(i.e. blank)? Thanks, Bhavesh. On Friday 29 August 2014 03:18 PM, Stefan Paetow wrote:
My log excerpts provided examples of the problem I was facing with both TTLS-MSCHAPv2 and PEAP-MSCHAPv2; I also tried TTLS-PAP, with the same negative result. I haven't seen any full debug logs (i.e. running radiusd -X and sending the list the complete output) from you... only snippets, which are not helpful without any context.
To be sure, do you mean you really manage to retrieve the inner identity with the help of an "update outer.reply" only? Yes. In the 'eap' module I have:
eap: default_eap_type = ttls
eap, ttls: default_eap_type = mschapv2 copy_request_to_tunnel = yes use_tunneled_reply = no
eap, peap: identical to eap, ttls.
In inner-tunnel, post-auth:
if (... comparison here irrelevant ...) { update outer.reply { User-Name := "%{Stripped-User-Name}" } } else { cui-inner }
Works fine here...
One thing I did find when I used eapol_test (or more specifically, rad_eap_test, which calls eapol_test), I had to make sure I specified EAPMSCHAPv2 as the inner auth method. Just specifying MSCHAPv2 does not make it EAP-MSCHAPv2.
Stefan
Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html