Thierry CHICH wrote: > I have an access-point, and I want use EAP/TTLS in order to authenticate > people on my LDAP server. The first time, I had then something like that: ... > in my intel proset, if I am giving a false identity in my roaming profile > with > a good identity and a good password, it is working. The authorization step > doesn't work as I want. The most important problem is that the accounting is > using my roaming profile.
Yes. The outer identity is often "anonymous", and does not matter for authentication. If you set the User-Name in the Access-Accept, the NAS *should* use that name for accounting, and not the name from the outer identity. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
