EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes
Alan DeKok
aland at ox.org
Fri Sep 30 19:40:49 CEST 2005
"Bjarni Hardarson" <freeradius at hardarson.se> wrote:
> the correct attributes but the final Access-Accept has no attributes and the
> User-Name is the anonymous one from the outer tunnel. This username is then
> used by the AP for accounting.
> Is this by design or is my configuration wrong?
Looks like it's a bug. The PEAP protocol gets the tunneled "ack",
and then continues the PEAP conversation for another packet or so,
before sneding the final Access-Accept.
The server *should* keep the tunneled reply attributes around, and
add them to the final Access-Accept. I'm not sure how best to fix it.
Alan DeKok.
More information about the Freeradius-Users
mailing list