Not able to receive inner identity in Access-Accept in EAP-TTLS.

Stefan Paetow Stefan.Paetow at
Fri Aug 29 10:45:06 CEST 2014

Ok Axel, 

What's so "disturbing" about the comment? 


-----Original Message-----
From: at [ at] On Behalf Of Axel Luttgens
Sent: 28 August 2014 23:19
To: FreeRadius users mailing list
Subject: Re: Not able to receive inner identity in Access-Accept in EAP-TTLS.

Le 28 août 2014 à 21:37, Alan DeKok a écrit :

> [...]
> That's what I said.  Don't update the outer reply.  Update the inner 
> reply.

Hello Alan,

Sorry for not having been able to read between the lines...

> Then, "use_tunneled_reply" should copy the inner reply to the outer 
> reply.

... but then, yes, with:

	use_tunneled_reply = yes

in eap's config and:

	update reply {
		User-Name = "%{request:User-Name}"

at the end of inner tunnel's post-auth section, everything seems to be working as expected.

If I may allow... the comment (suggestion) in raddb/sites-available/inner-tunnel is terribly disturbing:

	#  If you still want to use the inner tunnel User-Name then
	#  uncomment the section below, otherwise you may want
	#  to use  Chargeable-User-Identity attribute from RFC 4372.
	#  See further on.
	#update outer.reply {
	#  User-Name = "%{request:User-Name}"

Thanks again,

List info/subscribe/unsubscribe? See

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

More information about the Freeradius-Users mailing list