On 20 Jul 2011, at 13:39, Phil Mayers wrote:

> On 20/07/11 11:26, Scott Armitage wrote:
>> Hi,
>>
>> I have noticed that when authenticating using TTLS/MSCHAPv2 that the
>> outer-identity is used in the RADIUS reply packet even if the
>> use_tunneled_reply is set to yes for TTLS in eap.conf
>
> That's not what we see:
>
> [ttls] Using saved attributes from the original Access-Accept
>         User-Name = "xxx"
> ...
> Sending Access-Accept of id 8 to 192.168.51.229 port 57353
>         User-Name = "xxx"
>
> Can you show a debug?

I've attached a full debug. I notice that if I do a PEAP authentication I see the following:

[peap] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"
        User-Name = "scott-test"

compared with TTLS which has:

[ttls] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"

>> Does anyone know the reason for this?
>
> Are you using TLS session resumption?

Yes, however I disabled TLS session resumption and tested again and got the same results.

Thanks

Scott
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html