Tunneled-User-Name
Alexander Clouter
alex at digriz.org.uk
Mon Jul 11 21:44:06 CEST 2011
d.thembiliyagoda at lancaster.ac.uk wrote:
>
> I edit the inner-tunnel virtual server configuration file and uncomment
> the example policy under "post-auth" section.
>
> update outer.reply {
> User-Name := "%{request:User-Name}"
> }
>
That's not the example I gave...what does trying my example give you?
> But in Access-Accept still the User-Name is "anonymous". Here is the debug
> output of the FreeRadius
>
> # Executing section post-auth from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> Info: +- entering group post-auth {...}
> Info: expand: %{request:User-Name} -> bob
> Info: ++[outer.reply] returns noop
> } # server inner-tunnel
>
Probably as you are using EAP-MSCHAPv2 which in effect gives you an
inner-inner-tunnel.
> Then I enabled the use_tunneled_reply = yes ,in eap.conf. Even after
> that I can't see the User-Name attribute has modified in
> Access-Accept.
>
Well, when you do get it working, remember to trim it for eduroam
replies bound for JANET's JRS's; the username should only go to your
*own* NAS's and not the national proxies.
Cheers
--
Alexander Clouter
.sigmonster says: HOLY MACRO!
More information about the Freeradius-Users
mailing list