After alot of experimenting & researching, I still haven't found
a solution to the TTL anonymous outer identity being used for
I have set a DEFAULT entry that sets the User-Name attribute via
':=', but I still end up with two User-Name attributes (anonymous
identity & real identity). This is especially strange, since
use_tunneled_reply & copy_request_to_tunnel are both enabled as
If I understand correctly, := should replace the anonymous (first)
User-Name value with the real (second) value permitting they are in
the same session. Upon looking back at the debug output, it looks
the tunneled request is actually handled as if it were a seperate
request than the one containing it (request->eap module-(unpack)-
This would explain why two User-Name attributes are showing up in
final response. Is there any way to discard the first (anonymous)
via a module or other method without hacking FR code?
Surely someone has this working. My setup is just basic TTLS-PAP
auth'ing against LDAP.
P.S. A link to a list of known-good access points, or personal
recommendations on access points would also be appreciated.
We will be replacing a few 3com APs soon because they don't
play well with...well...ANYTHING. One (3com OfficeConnect)
doesn't even have options for radius account, even though
it advertises the feature right on the box.
Click for free info on criminal justice degrees and make $150K/ year
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html