On Fri, 2004-07-02 at 07:10, Anj wrote:
> In some cases, Domain Name is stripped from User-Name and sent to Radius
> Server. In that case, User-Name would not match with Type-Data field of
> EAP-Identity/Response.

It's a security piece.  Since authorizations are based on the User-Name,
the server requires that the User-Name match the EAP Identity.  I've
*never* seen or heard of a NAS that changes the User-Name when sending
the request.  It shouldn't.  It should follow the RFC and *COPY* the
EAP-Identity into the User-Name attribute, not "copy what it sees
fit"...

--Mike


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
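
The check described in the reply above, as an added example that is not part of the original message and is not FreeRADIUS code: it parses an Access-Request, reassembles the EAP-Message attributes, and accepts the packet only when User-Name is byte-for-byte equal to the Type-Data of the EAP-Response/Identity. The helper names and the sample identity anj@example.com are assumptions made for illustration.

```python
import struct

USER_NAME, EAP_MESSAGE = 1, 79            # RADIUS attribute types
EAP_RESPONSE, EAP_TYPE_IDENTITY = 2, 1    # EAP code and type

def parse_attributes(packet):
    """Yield (type, value) for each attribute of a RADIUS packet."""
    if len(packet) < 20:
        raise ValueError("short RADIUS packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        raise ValueError("bad RADIUS length field")
    pos = 20                              # code, id, length, 16-byte authenticator
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        yield atype, packet[pos + 2:pos + alen]
        pos += alen

def identity_matches(packet):
    """True only if User-Name equals the EAP-Response/Identity Type-Data."""
    user_name, eap = None, b""
    for atype, value in parse_attributes(packet):
        if atype == USER_NAME:
            user_name = value
        elif atype == EAP_MESSAGE:
            eap += value                  # EAP-Message attributes concatenate in order
    if user_name is None or len(eap) < 5:
        return False
    code, _ident, elen, etype = struct.unpack("!BBHB", eap[:5])
    if code != EAP_RESPONSE or etype != EAP_TYPE_IDENTITY or not 5 <= elen <= len(eap):
        return False
    return eap[5:elen] == user_name

def attr(atype, value):
    return bytes([atype, len(value) + 2]) + value

def access_request(user_name, identity):
    """Constructed sample: zero authenticator, no Message-Authenticator."""
    eap = struct.pack("!BBHB", EAP_RESPONSE, 1, 5 + len(identity), EAP_TYPE_IDENTITY) + identity
    body = attr(USER_NAME, user_name) + attr(EAP_MESSAGE, eap)
    return struct.pack("!BBH", 1, 0, 20 + len(body)) + bytes(16) + body

if __name__ == "__main__":
    print(identity_matches(access_request(b"anj@example.com", b"anj@example.com")))
    print(identity_matches(access_request(b"anj", b"anj@example.com")))
```

The second sample is the case from the quoted question, where the domain has been stripped from User-Name, and it is rejected because authorization would otherwise be decided on a name the peer never presented in EAP.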
