Jonathan Gazeley wrote:
> No - this is a completely standard FreeRADIUS configuration. Nothing
> relating to rewriting anything has been changed.
>
> In the debug log posted in one of my earlier messages, it appears the FR
> server sends an Access-Challenge packet from the inner server using my
> statically set outer ID (testing-jg4461). But immediately after, it
> reverts to using the original outer ID (qwerty99). Then this username
> shows in accounting.
>
> This doesn't happen when I set the outer ID in the outer server. In that
> case, the statically set outer ID sticks and appears in accounting.
>
> What's the difference between using an identical piece of code in inner
> or outer servers?
>

As far as I'm aware this has never worked, which is why I still return
attributes from the inner tunnel and get it that way.

    eap {
        peap {
            use_tunneled_reply = yes
            virtual_server = "local.user.inner"
        }
    }

    server local.user.inner {
        post-auth {
            #
            # Return inner identity to use in final accept
            #
            update reply {
                User-Name := "%{Stripped-User-Name}"
            }
        }
    }

You can then apply your authorisation policy in post-auth where it should
be already :P.

Alan,

If the last round of the EAP conversation didn't require data to be sent
to the inner server, the outer.User-Name attribute would just be discarded,
right? Or do you store those attributes in the same place you store the
tunneled-reply?

Arran

> Alan DeKok wrote:
>> Jonathan Gazeley wrote:
>>
>>> Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
>>> expands the username as expected, but why this username never makes it
>>> back to the NAS. Does anyone have any ideas?
>>>
>>
>> No idea... is there anything else that's over-writing the User-Name?
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>

-- 
Arran Cudbard-Bell (a.cudbard-b...@sussex.ac.uk),
Authentication, Authorisation and Accounting Officer,
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2