outer identity anonymous is being rejected (solved)

Godfrey Peart grpeart at googlemail.com
Wed Feb 11 00:37:13 CET 2009


Apologies, I didn't read all the MAN pages, found the answer I needed





>My FR 2.1 is set to authenticate users via PEAP + EAP-TTLS, this works
fine but some users are being rejected
>So it's being rejected. How do I get the inner identity which contains a
valid username to be processed instead of the outer identity.
>I've seen some posts about using* Autz-type INNER* options but have merely
succeded in breaking my test system when tryng it out.
>
>At present this is my users file:
>
>
>
>
>
>
>#If you are not in either group, no access is allowed
>#FreeRADIUS 2.1
>
>
>#These are the groups we are checking for Lunar Building staff
>DEFAULT         Ldap-Group == "lunar-staff"
>                      Aruba-User-Role = "employee"
>
>DEFAULT         Ldap-Group == "lunar-member"
>                       Aruba-User-Role = "member"
>
>DEFAULT         SQL-Group == "Guests"
>                      Aruba-User-Role = "guest"
>
>DEFAULT         Ldap-group != "lunar-staff", Auth-Type := Reject
>DEFAULT         Ldap-group != "lunar-member", Auth-Type := Reject

>#End
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090210/180b4d33/attachment.html>


More information about the Freeradius-Users mailing list