Hi, On Thu, Jan 15, 2015, at 5:49, Lai Fu Keung <tfklai@hku.hk> wrote:
Hi,
I am trying in configure my FR v3.0.4 to pass inner identity to outer in eap-peap setup. I read some of the old mails with similar issues, like the following:
http://lists.freeradius.org/pipermail/freeradius-users/2014-August/073458.ht ml
I made the following setting as suggested in the mail:
1. Update outer reply in file inner-tunnel, post auth: update outer.reply { User-Name = "%{request:User-Name}" } 2. Set "use_tunneled_reply=yes" in file eap
IIRC, when you set use_tunneled_reply to yes, all updates to outer.reply are ignored and the outer reply is filled with attributes from the original Access-Request. That's why you get User-Name filled with the outer anonymous identity. Try setting that to no and filling the outer reply with any other attributes you need in that update outer.reply block.
With the above setting, I still couldn't get it working. I compared my
debug with that of above article. I see the difference at this line:
eap_peap : Using saved attributes from the original Access-Accept Stripped-User-Name = 'bob'
The above article uses "User-Name". Is this the difference?
I use "Stripped-User-Name" for actual authentication against ldap, but
want "User-Name" (with domain) for logging and accounting. I am not sure when they are used in different phases.
At near the end of the debug, I even see:
Stripped-User-Name = 'bigman'
which is obviously wrong, as 'bigman' is the name I made up for "Anonymous Identity".
Can anyone give me a clue what I have done wrong? Thanks in advance. Debug log follows.
Fu-Keung
Enrique Sainz Baixauli