EAP anonymous and inner User-name

Alan DeKok aland at deployingradius.com
Fri Nov 17 20:58:05 CET 2006


"Thibault Le Meur" <Thibault.LeMeur at supelec.fr> wrote:
> Strange... I've set copy_request_to_tunnel and I haven't seen my inner
> User-Name be overwritten !

  Doing that would be wrong.  FreeRADIUS doesn't do that.

> > And, lastly, did you set copy_request_to_tunnel in eap.conf? 
> > Don't, because 
> > then your real inner user name gets overwritten by the outer one.

  No, absolutely not.  That DOES NOT HAPPEN.

> Another question: if you don't set copy_request_to_tunnel, could you still
> have a rule in the users file matching the user's ldap group (for the users
> in the inner request) and the Called-Station-Id (from outer request) ?

  You could match LDAP group, because the username is in the inner
request.  You can't match Called-Station-Id, because it's in the outer
request.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog



More information about the Freeradius-Users mailing list