Hi, Iam planning to send some Vendor Specific attributes to the user based on inner authentication. But by way of hack if user knows some other valid user name in the system he can use that as outer identity and get the policy setting of that user. So to avoid that Iam just thinking is there a way I can come out of this situation in freeradius Regards gnreddy 2008/6/11 Ivan Kalik <tnt@kalik.net>:
Why do you apply any policies to the outer identity?
Ivan Kalik Kalik Informatika ISP
Dana 11/6/2008, "Gopinath Reddy N" <gnreddy@gmail.com> piše:
Hello all,
Iam using freeradius 2.0.2 version with TTLS/MSCHAPv2
I have two users in configuration
tmpuser -> tmpgroup emp1 -> employee
Iam using "tmpuser" in outer authentication and "emp1" in inner authentication. I have eap.conf file configured with
ttls { copy_request_to_tunnel = yes use_tunneled_reply = yes } But when I login successfully freeradius is always applying policy from "tmpgroup" which belongs to the user used in outer authentication. But it is supposed to apply policy from employee group as I have used "employee" in inner authentication.
Could anybody let me know if this is a bug with freeradius or my configuration is wrong.
Thanks in advance
Regards gnreddy
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html