Alexander Clouter alex at digriz.org.uk
Mon Jul 11 21:44:06 CEST 2011

d.thembiliyagoda at lancaster.ac.uk wrote:
> I edit the inner-tunnel virtual server configuration file and uncomment
> the example policy under "post-auth" section.
> update outer.reply {
>                User-Name := "%{request:User-Name}"
>        }
That's not the example I gave...what does trying my example give you?

> But in Access-Accept still the User-Name is "anonymous". Here is the debug
> output of the FreeRadius
> # Executing section post-auth from file
> /usr/local/etc/raddb/sites-enabled/inner-tunnel
> Info: +- entering group post-auth {...}
> Info:  expand: %{request:User-Name} -> bob
> Info: ++[outer.reply] returns noop
> } # server inner-tunnel
Probably as you are using EAP-MSCHAPv2 which in effect gives you an 

> Then I enabled the use_tunneled_reply = yes ,in eap.conf. Even after 
> that I can't see the User-Name attribute has modified in 
> Access-Accept.
Well, when you do get it working, remember to trim it for eduroam 
replies bound for JANET's JRS's; the username should only go to your 
*own* NAS's and not the national proxies.


Alexander Clouter
.sigmonster says: HOLY MACRO!

More information about the Freeradius-Users mailing list