Not able to receive inner identity in Access-Accept in EAP-TTLS.
axel.luttgens at skynet.be
Sun Aug 31 11:23:03 CEST 2014
Le 30 août 2014 à 18:28, Axel Luttgens a écrit :
> Le 30 août 2014 à 16:38, Alan DeKok a écrit :
>> Alan DeKok wrote:
>>> Unfortunately, that is how it works. If you read the debug output,
>> I've updated the example inner-tunnel example,
> Yes, I noticed that this morning. :-)
More exactly, I only had seen the next to last change while writing the above.
But the current comment appears to be exactly the one I would have dreamed to write myself. ;-)
Perhaps could it be worth to enhance the description of use_tunneled_reply as well?
With the current comment, use_tunneled_reply could be understood as a way to convey the inner User-Name only; but, unless I'm wrong, any attribute, even a private one, is liable to be brought to the outer session.
Moreover, the mechanism activated by that setting probably deserves a better emphasis; in particular, I'm thinking at its protocol-awareness you have described in a previous message.
More information about the Freeradius-Users