"Thibault Le Meur" <[EMAIL PROTECTED]> wrote:
Strange... I've set copy_request_to_tunnel and I haven't seen my inner
User-Name be overwritten!
Doing that would be wrong. FreeRADIUS doesn't do that.
I know, it would have broken my setup ;-)
> And, lastly, did you set copy_request_to_tunnel in eap.conf?
> Don't, because
> then your real inner user name gets overwritten by the outer one.
No, absolutely not. That DOES NOT HAPPEN.
Another question: if you don't set copy_request_to_tunnel, could you still
have a rule in the users file matching the user's LDAP group (for the users
in the inner request) and the Called-Station-Id (from outer request)?
You could match LDAP group, because the username is in the inner
request. You can't match Called-Station-Id, because it's in the outer
request.
Ok, so I had correctly interpreted this copy_request_to_tunnel option.
Thus I think the previous debug output showing the decoded inner request
was better to troubleshoot tunneled authentication schemes.
Thanks again for this clarification,
Thibault
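
A simplified model of the behaviour discussed in this thread, added here as an illustration; it is not FreeRADIUS code and was not posted by anyone in the thread. It shows that copying only fills in attributes missing from the inner request (so the inner User-Name survives) and that a rule on LDAP group plus Called-Station-Id can match only after the copy. The function names, the skip list and all attribute values are assumptions made for the example.

```python
# Simplified model of the thread's topic; not FreeRADIUS code.
# All attribute values below are constructed sample data.

# Assumption: outer attributes that only carry the EAP exchange are of no
# use inside the tunnel, so this model never copies them.
TRANSPORT_ONLY = {"EAP-Message", "Message-Authenticator", "State"}


def build_inner_request(outer, tunneled, copy_request_to_tunnel):
    """Return the attributes the inner (tunneled) request is processed with."""
    inner = dict(tunneled)
    if copy_request_to_tunnel:
        for name, value in outer.items():
            if name in TRANSPORT_ONLY:
                continue
            # Only fill in attributes the tunnel did not supply, so the
            # inner User-Name is never replaced by the outer one.
            inner.setdefault(name, value)
    return inner


def rule_matches(rule, request, ldap_groups):
    """Users-file style rule: an LDAP group plus exact attribute checks."""
    user = request.get("User-Name")
    if rule["ldap_group"] not in ldap_groups.get(user, set()):
        return False
    return all(request.get(k) == v for k, v in rule["checks"].items())


# Constructed sample data: anonymous outer identity, real inner identity.
OUTER = {
    "User-Name": "anonymous@example.org",
    "Called-Station-Id": "00-11-22-33-44-55:staff-wlan",
    "EAP-Message": "0x02010005",
}
TUNNELED = {"User-Name": "alice", "MS-CHAP-Challenge": "0x0102"}
LDAP_GROUPS = {"alice": {"staff"}}
RULE = {
    "ldap_group": "staff",
    "checks": {"Called-Station-Id": "00-11-22-33-44-55:staff-wlan"},
}

if __name__ == "__main__":
    for flag in (False, True):
        inner = build_inner_request(OUTER, TUNNELED, flag)
        print(flag, inner["User-Name"], rule_matches(RULE, inner, LDAP_GROUPS))
```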