Apologies, I didn't read all the MAN pages, found the answer I needed
>My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works fine but some users are being rejected
>So it's being rejected. How do I get the inner identity which contains
a valid username to be processed instead of the outer identity.
>I've seen some posts about using Autz-type INNER options but have merely succeded in breaking my test system when tryng it out.
>
>At present this is my users file:
>
>
>
>
>
>
>#If you are not in either group, no access is allowed
>#FreeRADIUS 2.1
>
>
>#These are the groups we are checking for Lunar Building staff
>DEFAULT Ldap-Group == "lunar-staff"
> Aruba-User-Role = "employee"
>
>DEFAULT Ldap-Group == "lunar-member"
> Aruba-User-Role = "member"
>
>DEFAULT SQL-Group == "Guests"
> Aruba-User-Role = "guest"
>
>DEFAULT Ldap-group != "lunar-staff", Auth-Type := Reject
>DEFAULT Ldap-group != "lunar-member", Auth-Type := Reject
>#End