On 20 Jul 2011, at 13:39, Phil Mayers wrote:

> On 20/07/11 11:26, Scott Armitage wrote:
>> Hi,
>> 
>> I have noticed that when authenticating using TTLS/MSCHAPv2 that the
>> outer-identity is used in the RADIUS reply packet even if the
>> use_tunneled_reply is set to yes for TTLS in eap.conf
> 
> That's not what we see:
> 
> [ttls] Using saved attributes from the original Access-Accept
>       User-Name = "xxx"
> ...
> Sending Access-Accept of id 8 to 192.168.51.229 port 57353
>       User-Name = "xxx"
> 
> Can you show a debug?

I've attached a full debug. I notice that if I do a PEAP authentication I see the following:

[peap] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"
        User-Name = "scott-test"

compared with TTLS which has:

[ttls] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"


> 
>> 
>> Does anyone know the reason for this?
> 
> Are you using TLS session resumption?

Yes, however I disabled TLS session resumption and tested again and got the same results.



Thanks

Scott

Attachment: radius-debug
Description: Binary data

Attachment: PGP.sig
Description: This is a digitally signed message part

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
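
The comparison made in the message above (PEAP's saved reply carries User-Name, TTLS's does not) can be checked mechanically over a debug log. This is an added example, not part of the original thread or of FreeRADIUS; the function names are hypothetical and the sample log is constructed from the excerpts quoted in the thread.

```python
import re

# Header printed in the debug output before the saved inner-tunnel reply attributes,
# e.g. "[ttls] Using saved attributes from the original Access-Accept"
HEADER = re.compile(
    r"^\[(?P<module>\w+)\] Using saved attributes from the original Access-Accept\s*$"
)
# Indented attribute line, e.g. '        User-Name = "scott-test"'
ATTR = re.compile(r"^\s+(?P<name>[A-Za-z0-9-]+)\s*=\s*(?P<value>.*)$")

# Constructed sample: the two excerpts from the thread, followed by an unrelated line.
SAMPLE_DEBUG = '''\
[peap] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"
        User-Name = "scott-test"
[ttls] Using saved attributes from the original Access-Accept
        Reply-Message = "Authenticated by Test ORPS"
Sending Access-Accept of id 8 to 192.168.51.229 port 57353
'''


def saved_reply_attributes(debug_text):
    """Return [(module, {attribute: value}), ...], one entry per saved-attributes block."""
    blocks, current = [], None
    for line in debug_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = {}
            blocks.append((header.group("module"), current))
            continue
        attr = ATTR.match(line) if current is not None else None
        if attr:
            current[attr.group("name")] = attr.group("value").strip().strip('"')
        else:
            current = None  # a blank or non-indented line ends the block
    return blocks


def modules_missing_user_name(debug_text):
    """List EAP modules whose saved tunneled reply has no User-Name attribute."""
    return [mod for mod, attrs in saved_reply_attributes(debug_text)
            if "User-Name" not in attrs]


if __name__ == "__main__":
    for module in modules_missing_user_name(SAMPLE_DEBUG):
        print(f"[{module}] saved tunneled reply has no User-Name")
```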
