----- Original Message ----- From: Alan DeKok <aland@ox.org> Date: Saturday, June 18, 2005 11:46 am Subject: Re: use_tunneled_reply
ragan_davis@colstate.edu wrote:
This leads a dunce like me to believe that radius will send a reply back to AP/NAS that has User-Name equaling "novelluser", rather than "anonymous".
Did you set "User-Name = novelluser" in the *reply* for the tunneled session?
Hmmmm...I did not explicitly do this. How to?
You can verify that, independent of EAP, but using "radtest" with the name & password of the tunneled user.
I'm testing this now, but don't see the same "Access-Accept" message in the debug output. Guess I'm still missing something.
I looked in the debug output (radiusd -A -X, right?). I think this is what I am supposed to look for:
Look at the REST of the debug output. It tells you what the reply is in the tunnel, and what it's copying back to the outer session.
Please, when you're reading the debug log, do MORE than just look at the last few lines.
Will do.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-ragan_davis@colstate.edu wrote:
Did you set "User-Name = novelluser" in the *reply* for the tunneled session?
Hmmmm...I did not explicitly do this. How to?
Set it as a reply attribute? user blah-blah = blah User-Name = `%{User-Name}`
You can verify that, independent of EAP, but using "radtest" with the name & password of the tunneled user.
I'm testing this now, but don't see the same "Access-Accept" message in the debug output. Guess I'm still missing something.
You will see the INNER TUNNEL Access-Accept. The reply attributes in that Access accept are the ones which will be copied to the outer tunnel, when TTLS is used. Alan DeKok.
participants (2)
-
Alan DeKok -
ragan_davis@colstate.edu