use_tunneled_reply
ragan_davis at colstate.edu
ragan_davis at colstate.edu
Sun Jun 19 14:59:13 CEST 2005
Ahh, I see. Based on the syntax you used it looks like I'd do this
using local users file. However, I'm using edirectory for the user
db. I have seen in the debug output where radius is checking for any
reply items in the directory. Maybe I could use radiusReplyItem as an
attribute in edir with a value "User-Name = ${User-Name}"?
thanks,
mack
----- Original Message -----
From: Alan DeKok <aland at ox.org>
Date: Saturday, June 18, 2005 4:21 pm
Subject: Re: use_tunneled_reply
> -ragan_davis at colstate.edu wrote:
> > > Did you set "User-Name = novelluser" in the *reply* for the
> tunneled> > session?
> >
> > Hmmmm...I did not explicitly do this. How to?
>
> Set it as a reply attribute?
>
> user blah-blah = blah
> User-Name = `%{User-Name}`
>
> > > You can verify that, independent of EAP, but using "radtest"
with
> > > the name & password of the tunneled user.
> >
> > I'm testing this now, but don't see the same "Access-Accept"
> message in
> > the debug output. Guess I'm still missing something.
>
> You will see the INNER TUNNEL Access-Accept. The reply attributes
> in that Access accept are the ones which will be copied to the outer
> tunnel, when TTLS is used.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list