Hi Again, I think I have found why it is sending the username in the Access Accept (update outer.session-state is uncommented) so that's ok but is there a way for me to be sure it's being tunneled? The debug logs state "eap_ttls: Got tunneled Access-Accept" and the logs state the final auth accept came "Via TLS Tunnel" so this would lead me to believe it's fine but is that enough to go on? Just trying to cover everything. Kind regards, Connor On Fri, Sep 13, 2024 at 9:14 AM Connor Herring <connorrjherring@gmail.com> wrote:
Hi All,
I'm a bit confused here. I've got EAP-TTLS/PAP set up. To ensure that everything was setup correctly, I have run a PCAP from the supplicant to see if I could see any auth details being sent (I couldn't), I have also run a PCAP from an AP in sniffer mode (also couldn't see anything, only probes and broadcasts), however, I ran a TCPDump on the RADIUS server itself and while I couldn't see the password that was being sent, I could see the tunnelled username and VLAN attributes in the Access-Accept.
My question is, is this expected? Want to ensure this isn't just a misconfiguration.
Kind regards,
Connor