Inner Tunnel User-Name
Alan DeKok
aland at deployingradius.com
Mon May 5 15:03:22 UTC 2025
On May 5, 2025, at 10:32 AM, Christoph Egger via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I have configured EAP-TTLS+PAP using sites-enabled/proxy-inner-tunnel.
> After I get the Access-Accept message, I do dynamic VLAN assignment in sites-enabled/default in the post-auth section.
OK, that's good.
> The one thing is: the dynamic VLAN assignment uses the outer User-Name. It works if the outer-tunnel matches the inner-tunnel username.
> I want to do the dynamic VLAN assignment using the Inner-Tunnel User-Name.
>
> Where can I access the inner-tunnel %{request.User-Name} with ulang after the Access-Accept message ?
You update the inner-tunnel virtual server, and copy the User-Name to the outer request. Perhaps in the "control" list, so that it doesn't affect anything else:
update outer.control {
&User-Name := &User-Name
}
Then in the default virtual server, you access &control:User-Name.
The underlying issue is that the inner request is finished (and gone) after it returns an Access-Accept. So you can't access it, because it's gone. You have to manually save any information that you need.
Alan DeKok.
More information about the Freeradius-Users
mailing list