Not able to receive inner identity in Access-Accept in EAP-TTLS.
Axel Luttgens
axel.luttgens at skynet.be
Mon Sep 1 14:40:27 CEST 2014
Le 1 sept. 2014 à 11:18, Axel Luttgens a écrit :
> [...]
> I'll try to submit a piece of text as soon as possible.
So, the idea would be to replace:
# The reply attributes sent to the NAS are usually
# based on the name of the user 'outside' of the
# tunnel (usually 'anonymous'). If you want to send
# the reply attributes based on the user name inside
# of the tunnel, then set this configuration entry to
# 'yes', and the reply to the NAS will be taken from
# the reply to the tunneled request.
with something like this:
# It may sometimes be needed to propagate data from
# the inner session to the outer one.
# The classical example is to augment the outer reply
# packet with a User-Name attribute bearing the user's
# inner-identity, so that the NAS emits its subsequent
# accounting packets with that identity.
# When set to "yes", this configuration entry allows
# to add attributes, even private ones, to the inner
# reply and to make them available in the reply handled
# by the outer session (where they can even be further
# massaged).
# Note that this setting allows to ensure that the
# saved attributes are restored in the last packet of
# the outer session that opened the tunnel; this is to
# be contrasted with a simple "update outer.reply"
# performed in the inner-tunnel.
HTH,
Axel
More information about the Freeradius-Users
mailing list