> > Nope; see RFC 3579 for the gory details: > > > > "the NAS MUST copy the contents of the Type-Data field of the > > EAP-Response/Identity received from the peer into the User-Name > > attribute" > > > > See thats what I suspected, else how could the User-Name > attribute be populated in the access requests... > And indeed as the RFC states, the User-Identity needs to be > set in the access requests for none EAP aware proxies. I > suspect FreeRADIUS may count as one of these, as for all > intensive purposes as it provides no mechanism to proxy > arbitrary segments of an EAP conversation on inner identity alone. > Unless I missed something ?
No, that's correct. > > For the reason given above, it *does* need to understand the > > EAP-Identity-Response. But that's about it! The NAS is a > pretty dumb > > device. > > Reason why I was asking is because most of the tests on the > JRS test website seem to break when you base the reply in > FreeRADIUS, on the inner identity as opposed to the outer identity. I'm surprised at that, IIRC (and I did write the code originally :-) the tests use the same name for inner and outer. Still, it would probably be best if you raised a ticket with JANET Customer Services as this is a bit OT for this list. best regards, josh. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
