Inner Tunnel User-Name - PEAP/MSCHAPV2

Alan DeKok aland at
Fri Dec 12 15:38:01 CET 2014

On Dec 12, 2014, at 8:48 AM, Chris Arg <grkcharge at> wrote:
> I'm currently using 3.0.x via github on RHEL 7. My issue is that I'm unable to get the User-Name attribute out of the inner tunnel.

  Read raddb/sites-available/inner-tunnel.  Look at the “post-auth” section:

	#  Instead of "use_tunneled_reply", do this:
#	update {
#		&outer.session-state: += &reply:
#	}

  Uncomment that block.

> I've seen a couple of examples demonstrating how to update the reply or update outer.reply in the inner-tunnel post-auth section. After reading the debug output, that section doesn't seem to run. Instead, post-proxy is run which looks like a good alternative. This is what I've tried in the post-proxy section:
>         update {
>                 &reply:User-Name += &User-Name
>         }

  That won’t work.  That’s updating the inner-tunnel reply, which is not what you want.

> ---------------
> raddb/mods-enabled/eap

  Don’t send configuration files to the list.  The documentation says to post the debug output.  ONLY the debug output.

  And you’ve butchered the configuration files.  Don’t do that.  There’s no additional cost to leave the comments, etc.  Leaving the comments there helps explain what the files are doing, and why.

  Alan DeKok.

More information about the Freeradius-Users mailing list