Normalising the User-Name AVP in an Access-Accept

Alex Sharaz alex.sharaz at
Thu Apr 18 18:00:09 CEST 2013

So which id are you talking about?
if its the outer and the user has configured the machine correctly, all you're going to see is @realm - not much use other than "it's that institution"
if its the inner then o.k. you've got a realm from the outer user-name and a userid from the inner but any accounting will be dumped locally.
if its the inner and you've got a realm then you've got your userid to hand over and all the accounting should go back to the home institution

… or have I got that wrong?

On 18 Apr 2013, at 16:47, Brian Julin <BJulin at> wrote:

>> Nick Lowe wrote: 
>> I would have thought that it is perfectly reasonable to return the
>> identity back in the case you have roaming federations as long as it
>> was an agreed requirement beforehand.
>> I am of the opinion that this -should- be mandated as part of Eduroam,
>> for example.
> I'd have to disagree.  We don't want to know anything about eduroam
> guest users other than an ID which to hand authorities which they can
> use to investigate with the home institution.  The less we know, the
> less work we have to do when we get a subpoena.
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list