Authorization through inner identity

ZHANG Gina Gina.Zhang at
Tue Feb 23 17:39:26 CET 2010


Thanks for all the help! I need to modify my question. I am using
mschapv2 inside ttls tunnel. Upon receipt of the MS-CHAP2-Success AVP,
the client is able to authenticate the FR. If the authentication
succeeds, the client sends and EAP-TTLS packet to FR containing no data.
Only upon receiving this packet, FR authorize. But at this point, the
request packet contains no inner tunnel identity. Is there anyway to
config FR to authorize according to the inner-tunnel indentity in this


-----Original Message-----
From: at lists.freeradius.
[ at lists.fre] On Behalf Of Alan Buxey
Sent: Tuesday, February 23, 2010 3:41 AM
To: FreeRadius users mailing list
Subject: Re: Authorization through inner identity

> Alan,
> All I want to do is to use inner username to lookup the database table

> to authorize.

so long as you call the relevant SQL module in the authorize {} section
of innter-tunnel then the default config will work fine for you.

- once the server is in inner-tunnel (called via EAP) it will only be
dealing with the inner username (unless you've done something
crazy/weird with the config!)

List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list