Dear All, I am curious if it is possible today with FreeRADIUS to normalise the identity that is returned in the User-Name AVP in an Access-Accept?
Hypothetically, lets say that a client uses the PEAP EAP type and logs in successfully using an inner-identity of its choosing in a valid format. For example, it could be of any of the following forms: foo@example f...@example.com example\foo example.com\foo foo (where the default domain is configured) What I want to achieve is that the value returned in the User-Name AVP in the Access-Accept always be sent in lower case and in a fully qualified, normalised format in the form f...@example.com back to the NAS. RFC 2865 states in Section 5.1: [The User-Name AVP] MAY be sent in an Access-Accept packet, in which case the client SHOULD use the name returned in the Access-Accept packet in all Accounting-Request packets for this session. RFC 3579 states in Section 3: The User-Name attribute within the Access-Accept packet need not be the same as the User-Name attribute in the Access-Request. So, a compliant NAS that is able to treat the User-Name AVP as being authoritative would get to see the real, inner identity and in a normalised form. Is this possible? Thanks, Nick - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html