EAP anonymous and inner User-name

Thibault Le Meur Thibault.LeMeur at supelec.fr
Fri Nov 17 18:24:31 CET 2006


> "Thibault Le Meur" <Thibault.LeMeur at supelec.fr> wrote:
> > Indeed, I found out that with the latest release of FR, the debug 
> > isn't the
> > same: previously (FR 1.0.1), I was able to read the 
> Tunneled inner-request
> > and attributes (with inner user name and password...) and 
> the complete
> > process of this 'new request' and now I don't this.
> 
>   Read eap.conf, and look for "copy_request_to_tunnel"

Well... I already have this set to yes because I need to match outer
attributes while processing the tunneled-request.

My setup is working quite well, but I just think the "radiusd -X" debug log
has changed a bit since I am not seeing the decoded inner request packet in
it: I can only see a message "Proceeding to decode tunneled attributes" and
then the authorize section is run without printing the decoded attributes of
the tunneled request to the debug log.

I get this:
-------------
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 6
  modcall[authorize]: module "preprocess" returns ok for request 6
  modcall[authorize]: module "mschap" returns noop for request 6
  modcall[authorize]: module "eap" returns noop for request 6
    users: Matched entry DEFAULT at line 17
rlm_ldap: Entering ldap_groupcmp()
...
-------------

I might be wrong but I think older versions were printing the decoded inner
request with _something_like_ that:
-------------
  rlm_eap_ttls: Session established.  Proceeding to decode tunneled
attributes.
...
        Service-Type = Framed-User
        User-Name = "My-inner-Identity"
	  User-Password = "My-PAP-Passwd"
        Framed-MTU = 1492
        State = 0x50f69e12347f8a811f1334fa392048e
        Called-Station-Id = "00-01-52-44-55-85:MySSID"
        Calling-Station-Id = "00-52-44-55-F7-38"
        NAS-Identifier = "MyAP"
        NAS-Port-Type = Wireless-802.11
...
-------------

Regards,
Thibault






More information about the Freeradius-Users mailing list