Arran Cudbard-Bell wrote:
> And indeed as the RFC states, the User-Identity needs to be set in the
> access requests for non-EAP-aware proxies. I suspect FreeRADIUS may
> count as one of these, as for all intents and purposes it provides no
> mechanism to proxy arbitrary segments of an EAP conversation on inner
> identity alone.

I'm not sure why that matters. The *NAS* sets User-Name in the Access-Request. The proxying server doesn't have to do anything.

> Reason why I was asking is because most of the tests on the JRS test
> website seem to break when you base the reply in FreeRADIUS, on the
> inner identity as opposed to the outer identity.

The "post-auth" section is run in the outer identity, so you can re-write the reply to be whatever you want.

Alan DeKok.

