>>>> [EMAIL PROTECTED] 4/6/05 9:56:27 AM >>> >In PEAP, the outer identity really doesn't matter. When FreeRADIUS >responds with an Access-Accept, it sends the username back to the AP >so that it has the correct username for accounting/logging/etc. To >set this to the tunneled username, set the use_tunneled_reply option >in the peap module to true. FreeRADIUS should then send the tunneled >username back to the AP in the Access-Accept message, and, if your AP >works correctly, the AP will remember what it was told by FR instead >of the original identity.
Thank you very much. It looks like that fixes my problem. Jason >On Wed, 6 Apr 2005, Jason Long wrote: > >> >> >> So I can see that FreeRadius is using georget to authenticate and authorize >> the access request, but the wireless access point is only seeing "MrBean." >> Is there a way to ensure both usernames match? I.e. is there any way to >> configure EAP/PEAP to reject a request if the tunneled identity does not >> match the user-name attribute of the original request? >> >> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
