Artur Hecker <[EMAIL PROTECTED]> wrote: > i took a look at the traffic coming from my NAS to the server and I > couldn't find any of such additions to the user-name attribute. do i > missunderstand something (ethereal 0.9.4) or is my NAS a crap?
The RADIUS User-Name attribute SHOULD be the same as the user name in the EAP message. If it isn't, then you're NAS is broken. > except for that, I believe to recall to have read in the RADIUS RFC > (2865) that a proxy should never cut an Attribute-Value pair and that it > should copy it into whatever it forwards. Not necessarily. The proxy can re-write requests, before it forwards them. > and finally I believe that one of these remarks should respond to the > original question, i.e. if EAP and proxying (will) work together with > freeradius or not. because in fact I didn't understand your answer, > Alan. was it a "no" like "no, it will never support it" or a "no" like > "no, not in EAP response identity"? As I said, if the User-Name attribute exists, and has the normal "user@realm" format, then it doesn't matter if there is EAP in the packet. If there is NO User-Name attribute in the packet, then the server is unable to root through the EAP-Message stuff to find what EAP thinks is the user name. In that case, without a User-Name attribute, proxying cannot be done on realms in User-Names. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
