Outer vs. inner ID in Login OK messages

Alan DeKok aland at deployingradius.com
Wed Jan 23 17:40:46 CET 2019


On Jan 23, 2019, at 11:30 AM, Martin Pauly <pauly at hrz.uni-marburg.de> wrote:
> 
> Am 23.01.19 um 16:27 schrieb Alan DeKok:
>>   The server should log what the client sends.  The debug log you posted doesn't include that.  So maybe the client*is*  sending "pauly1" for the outer ID.
> 
> No, it sends "eduroam at staff.uni-marburg.de".
> (At least I tell the client to so, and it successfully triggers my cert processing fork.)
> 
> Here are the full debug logs (sorry not the same devices, but the effect is consistent across several client platforms).

  Hmm.. when I try it with the v3.0.x head, I get:

(6)   Login OK: [bob] (from client localhost port 0 via TLS tunnel)
(6) Login OK: [anonymous] (from client localhost port 0 cli 02-00-00-00-00-01)

  Maybe try that?  I don't recall specifically if anything changed in the source, but it might have.

  Alan DeKok.




More information about the Freeradius-Users mailing list