How is User-Name getting into reply?

Alan DeKok aland at deployingradius.com
Sat Nov 19 01:35:28 CET 2016


On Nov 18, 2016, at 12:24 PM, Brian Candler <b.candler at pobox.com> wrote:
> 
> I don't understand how a User-Name attribute is being added into the *reply* when using EAP.

  The EAP module adds it.

> And if I uncomment these sections from inner-tunnel:
> 
>        update {
>                &outer.session-state: += &reply:
>        }

  Which *adds* the reply attributes from the inner tunnel to the outer session-state.  Including any User-Name.

  The post-auth policy also does:

	update {
		&reply: += &session-state:
	}

  Which gets you two User-Name attributes.

>        update outer.session-state {
>                MS-MPPE-Encryption-Policy !* ANY
>                MS-MPPE-Encryption-Types !* ANY
>                MS-MPPE-Send-Key !* ANY
>                MS-MPPE-Recv-Key !* ANY
>                Message-Authenticator !* ANY
>                EAP-Message !* ANY
>                Proxy-State !* ANY
>        }

 User-Name should be listed there, too.  I'll push a fix.

  Alan DeKok.




More information about the Freeradius-Users mailing list