Windows Machines not Validating Cert
Alan DeKok
aland at deployingradius.com
Wed Nov 6 11:57:23 UTC 2024
On Nov 6, 2024, at 11:42 AM, FreeRAD <yetifreerad at gmail.com> wrote:
> Just one other quick thing, I've noticed that I can see an EAP-Message
> Attribute in my 'Access-Accept' message back from the server
That is how it works.
> but I was
> under the impression that the below config in the inner-tunnel config file
> should stop this.
No. Please read the comments documenting that configuration.
It means that some attributes from the *inner-tunnel* reply aren't copied to the outer reply. It isn't deleting EAP-Message from the outer reply.
> Especially given that it stops me seeing any of the other
> attributes (apart from User-Name but that was purposefully left in for
> account purposes).
No, it doesn't do that. You can still see the attributes. The inner reply attributes are still copied to the outer reply.
EXCEPT for attributes which shouldn't be copied. Because we know that it doesn't make sense to copy them.
You shouldn't be asking "why is the default configuration wrong". Instead, you should be describing what you're doing, what the server does, and why that's different from what you expect.
Alan DeKok.
More information about the Freeradius-Users
mailing list