Trying not to send outer identity in the Access-Accept message

Torres López María Isabel isabel.torres at
Wed Dec 11 17:12:06 CET 2019

Dear Sir or Madam.
Currently, we are running Freeradius 3.0.11. It works correctly with our wireless controler, but when we upgrade the firmware of our wireless controlles, the users are not able to stablish sesión anymore.
The problem is that the freeradius is sending two User-Name values in the Access-Accept packet (the inner and the outer identity), and the Wireless controler detects two values and drops the packet. The authentication is correct, but the Wireless controller does not stablish the user sesión.
Besides, as the Freeradius sends both identities, sometimes the accountings shows the outer identity, not the inner one.
¿Is there any way to send only the inner identity in the Access-Accept packet?

(6)   Login OK: [pruebas.wifi at] (from client WLAN-1 port 0 cli B49D0B8C389F via TLS tunnel)
(6) } # server inner
(6) Virtual server sending reply
(6)   User-Name = "pruebas.wifi at"
(6)   Class = 0x414c554d4e4f53
(6)   Filter-Id = "ALUMNOS"
(6) eap_ttls: Got tunneled Access-Accept
(6) eap: Sending EAP Success (code 3) ID 8 length 4
(6) eap: Freeing handler
(6)     [eap] = ok
(6)   } # authenticate = ok
(6) Login OK: [anonymous at] (from client WLAN-1 port 0 cli B49D0B8C389F)
(6) Sent Access-Accept Id 56 from to length 0
(6)   User-Name = "anonymous at"
(6)   User-Name = "pruebas.wifi at"
(6)   Class = 0x414c554d4e4f53
(6)   Filter-Id = "ALUMNOS"
(6)   MS-MPPE-Recv-Key = 0x567a04806953128ea5aadb908f6728a6753794d66a6ec189964c4f2e54cfb15b
(6)   MS-MPPE-Send-Key = 0x068df56d4605c2a4b62e8f4eee3fdb12031bdebf9eaa4201d6d08b310246d6d4
(6)   EAP-Message = 0x03080004
(6)   Message-Authenticator = 0x00000000000000000000000000000000
(6) Finished request

Best regards.

Mª Isabel Torres López
Comunicaciones - Servicios Informáticos
Universidad de Alcalá
Correo:  Isabel.torres at<mailto:Isabel.torres at>
Telefono: 918856458

More information about the Freeradius-Users mailing list