inner vs outer User-Name

Alan DeKok aland at
Tue Feb 9 07:44:38 CET 2010

Kenneth Grady wrote:
> Is there any way to authorize a user using the inner-tunnel User-Name
> and not the outer?

  Yes.  Use the inner-tunnel virtual server.

> I get an outer User-Name of anonymous and a reject when searching for
> authorized users in an ldap group.

  Because you're doing the LDAP group check in the outer tunnel... not
the inner tunnel.

> Mon Feb  8 12:53:21 2010
>        Packet-Type = Access-Request
>        User-Name = "anonymous"

  Why are you posting these packets?  The documentation specifically
asks for *other* information.  It does not ask for pieces of a "detail"

> /etc/raddb/sites-available/default

  Have you tried using raddb/sites-available/inner-tunnel?

  It's documented as the "inner tunnel" configuration.

  Alan DeKok.

More information about the Freeradius-Users mailing list