Not able to receive inner identity in Access-Accept in EAP-TTLS.

Alan DeKok aland at
Sat Aug 30 18:56:49 CEST 2014

Axel Luttgens wrote:
> Could it be said that, as a general rule, the best approach for retrieving information from the inner tunnel is to make use of "use_tunneled_reply = yes"? Conversely, are there particular cases for which that approach won't work?


> On the other hand, nothing coming for free, does "use_tunneled_reply = yes" significantly increase the load on the server, with perhaps the risk to use too much resources?


> Finally, in the case of error (a non existing user, for instance), there seems to be no attempt to pass the saved attributes to the "Post-Auth-Type REJECT" section. Am I right?


  Alan DeKok.

More information about the Freeradius-Users mailing list