On 20 Jul 2011, at 13:39, Phil Mayers wrote:
On 20/07/11 11:26, Scott Armitage wrote:
Hi,
I have noticed that when authenticating using TTLS/MSCHAPv2 that the outer-identity is used in the RADIUS reply packet even if the use_tunneled_reply is set to yes for TTLS in eap.conf
That's not what we see:
[ttls] Using saved attributes from the original Access-Accept User-Name = "xxx" ... Sending Access-Accept of id 8 to 192.168.51.229 port 57353 User-Name = "xxx"
Can you show a debug?
I've attached a full debug. I notice that if I do a PEAP authentication i see the following: [peap] Using saved attributes from the original Access-Accept Reply-Message = "Authenticated by Test ORPS" User-Name = "scott-test" compared with TTLS which has: [ttls] Using saved attributes from the original Access-Accept Reply-Message = "Authenticated by Test ORPS"
Does anyone know the reason for this?
Are you using TLS session resumption?
Yes, however I disabled TLS session resumption and tested again and got the same results. Thanks Scott