hi alan
thanks for the rapid pointers. some comments inline.
first of all, the following config directive:
...
does not seem to change anything in my case, in the Access-Accept message sent by the server, the User-Name is still set to "anonymous".
Try instrumenting the server, to see if the user-name is set inside of the tunnel.
i'm pretty sure it is, since the client does TTLS with an inner PAP auth (secure W2 by alfa & ariss). by the way, what do you mean by instrumenting the server - detailed log?
the problem is that we do not use the users file at all. our users are rather stored in a remote SQL data base and I would like to add something like a generic User-Name = %{User-Name} to the reply... but when i add this to the SQL data base, the server takes this "as is" and does not expand the variable (the access accept is sent for the non-existent user called '%{User-Name}'.
Ah, yes. The SQL module doesn't do dynamic expansion. It probably should...
In fact, the entire server should probably do that automatically.
ok, would it be difficult to add? where would you start? especially talking SQL...
what can/should i do to have the tunneled user-name in the access-accept in my case? we tried the expr but that didn't work out...
You should be able to have a post-auth module re-write the username...
ok, i've thought about it but wanted first your opinion.
thank you artur
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
