a.l.m.bu...@lboro.ac.uk wrote: > does this fix mean that TTLS and PEAP get the inner identity copied > correctly so there is no more need for > > update outer.reply { > User-Name = "%{User-Name}" > }
That's still needed. The question is what do you want the server to do. Always over-ride the outer name with the inner one? If so, why is the outer one "anonymous", and the inner one "u...@realm"? i.e. "anonymous" is being used to hide the inner name... which promptly gets exposed with that rule. Is this a good idea? What else could be done to be secure, but also useful? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html