username and attributes
Alan DeKok
aland at deployingradius.com
Sun Jun 6 10:26:15 CEST 2010
rosect190 at yahoo.com wrote:
> I have two users (u1 and u2) and want to use PEAP to auth them. For each
> user, I will return an attribute. For example, attr1 for u1 and attr2
> for u2.
>
> An interesting thing is that, when my out-tunnel user name is
> "anonymous", I do not see any attribute be returned although the auth is
> successful.
Because you have configured "use_tunneled_reply". See eap.conf.
> Further testing shows, if I use user2's name (u2) as user1's out-tunnel
> name and use user1's name (u1) as user2's out-tunnel name, user1 will
> receive attri2 and user2 will receive attr1. It seems that the server
> picks attributes based on the out-tunnel name, not the real user name.
Yes... that's what you told it to do. If you want different behavior
in/out of the tunnel, *configure it*. That's why the "default" virtual
server is different from the "inner-tunnel" virtual server.
Their configuration is similar so that first installs are simple. But
you can change them and edit them to meet your needs.
Alan DeKok.
More information about the Freeradius-Users
mailing list