inner/outer authentication problem in 2.0.2

Gopinath Reddy N gnreddy at gmail.com
Thu Jun 12 06:56:05 CEST 2008


Hi,

I am planning to send some Vendor Specific attributes to the user based on
inner authentication.

But by way of a hack, if a user knows some other valid user name in the
system, he can use that as the outer identity and get the policy setting of
that user. So to avoid that, I am just thinking: is there a way I can come
out of this situation in freeradius?

Regards
gnreddy
2008/6/11 Ivan Kalik <tnt at kalik.net>:

> Why do you apply any policies to the outer identity?
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> On 11/6/2008, "Gopinath Reddy N" <gnreddy at gmail.com> wrote:
>
> >Hello all,
> >
> >I am using freeradius 2.0.2 version with TTLS/MSCHAPv2
> >
> >I have two users in configuration
> >
> >tmpuser -> tmpgroup
> >emp1 -> employee
> >
> >
> >I am using "tmpuser" in outer authentication and "emp1" in inner
> >authentication. I have eap.conf file configured with
> >
> >ttls {
> >    copy_request_to_tunnel = yes
> >    use_tunneled_reply = yes
> >}
> >But when I log in successfully, freeradius is always applying policy from
> >"tmpgroup", which belongs to the user used in outer authentication. But it
> >is supposed to apply policy from the employee group, as I have used
> >"employee" in inner authentication.
> >
> >Could anybody let me know if this is a bug with freeradius or my
> >configuration is wrong.
> >
> >Thanks in advance
> >
> >Regards
> >gnreddy
> >
> >
>