How is User-Name getting into reply?
Alan DeKok
aland at deployingradius.com
Sat Nov 19 01:35:28 CET 2016
On Nov 18, 2016, at 12:24 PM, Brian Candler <b.candler at pobox.com> wrote:
>
> I don't understand how a User-Name attribute is being added into the *reply* when using EAP.
The EAP module adds it.
> And if I uncomment these sections from inner-tunnel:
>
> update {
> &outer.session-state: += &reply:
> }
Which *adds* the reply attributes from the inner tunnel to the outer session-state. Including any User-Name.
The post-auth policy also does:
update {
&reply: += &session-state:
}
Which gets you two User-Name attributes.
> update outer.session-state {
> MS-MPPE-Encryption-Policy !* ANY
> MS-MPPE-Encryption-Types !* ANY
> MS-MPPE-Send-Key !* ANY
> MS-MPPE-Recv-Key !* ANY
> Message-Authenticator !* ANY
> EAP-Message !* ANY
> Proxy-State !* ANY
> }
User-Name should be listed there, too. I'll push a fix.
Alan DeKok.
More information about the Freeradius-Users
mailing list