InnerAttributes not escaped when transmitted to outter

Arran Cudbard-Bell A.Cudbard-Bell at
Tue Jun 2 11:46:46 CEST 2009

On 2/6/09 10:01, Alan DeKok wrote:
> A.L.M.Buxey at wrote:
>> does this fix mean that TTLS and PEAP get the inner identity copied
>> correctly so there is no more need for
>>          update outer.reply {
>>                  User-Name = "%{User-Name}"
>>          }
>    That's still needed.  The question is what do you want the server to
> do.  Always over-ride the outer name with the inner one?  If so, why is
> the outer one "anonymous", and the inner one "user at realm"?

I agree. Doing this by policy is a better idea than hardcoding behavior.

We just need the policy to work correctly.

Currently attributes in outer.reply are not inserted if:

1) You're doing EAP-TTLS-MSCHAPv2

2) The inner sever issued a reject

These two cases need to be fixed for predictable behaviour.

Did you get a chance to look at that patch I sent ?

Arran Cudbard-Bell (A.Cudbard-Bell at,
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2

More information about the Freeradius-Users mailing list