On 2/6/09 10:01, Alan DeKok wrote:
A.L.M.Buxey@lboro.ac.uk wrote:
does this fix mean that TTLS and PEAP get the inner identity copied correctly so there is no more need for
update outer.reply { User-Name = "%{User-Name}" }
That's still needed. The question is what do you want the server to do. Always over-ride the outer name with the inner one? If so, why is the outer one "anonymous", and the inner one "user@realm"?
I agree. Doing this by policy is a better idea than hardcoding behavior. We just need the policy to work correctly. Currently attributes in outer.reply are not inserted if: 1) You're doing EAP-TTLS-MSCHAPv2 2) The inner sever issued a reject These two cases need to be fixed for predictable behaviour. Did you get a chance to look at that patch I sent ? Arran -- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk), Authentication, Authorisation and Accounting Officer, Infrastructure Services (IT Services), E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT DDI+FAX: +44 1273 873900 | INT: 3900 GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2