Not able to receive inner identity in Access-Accept in EAP-TTLS.

Axel Luttgens axel.luttgens at
Fri Aug 29 00:18:37 CEST 2014

Le 28 août 2014 à 21:37, Alan DeKok a écrit :

> [...]
> That's what I said.  Don't update the outer reply.  Update the inner
> reply.  

Hello Alan,

Sorry for not having been able to read between the lines...

> Then, "use_tunneled_reply" should copy the inner reply to the
> outer reply.

... but then, yes, with:

	use_tunneled_reply = yes

in eap's config and:

	update reply {
		User-Name = "%{request:User-Name}"

at the end of inner tunnel's post-auth section, everything seems to be working as expected.

If I may allow... the comment (suggestion) in raddb/sites-available/inner-tunnel is terribly disturbing:

	#  If you still want to use the inner tunnel User-Name then
	#  uncomment the section below, otherwise you may want
	#  to use  Chargeable-User-Identity attribute from RFC 4372.
	#  See further on.
	#update outer.reply {
	#  User-Name = "%{request:User-Name}"

Thanks again,

More information about the Freeradius-Users mailing list