EAP-PEAP-MSCHAPv2: use_tunneled_reply = yes

Alan DeKok aland at ox.org
Fri Sep 30 19:40:49 CEST 2005


"Bjarni Hardarson" <freeradius at hardarson.se> wrote:
> the correct attributes but the final Access-Accept has no attributes and the
> User-Name is the anonymous one from the outer tunnel. This username is then
> used by the AP for accounting.
> Is this by design or is my configuration wrong?

  Looks like it's a bug.  The PEAP protocol gets the tunneled "ack",
and then continues the PEAP conversation for another packet or so,
before sneding the final Access-Accept.

  The server *should* keep the tunneled reply attributes around, and
add them to the final Access-Accept.  I'm not sure how best to fix it.

  Alan DeKok.




More information about the Freeradius-Users mailing list