Hi, > Our FR is doing EAP most of the time, and it's working fine. > However, we would want our NAS to see the inner true User-Name, not the > outer one. I know this can be set in the inner-tunnel post-auth section > uncommenting the update outer.reply lines, but that exposes our users' > inner User-Name to proxied-to-us authentications. > > So my question is: Which attributes should I check to tell apart local and > external auths?
you can add an attribute (and local one you want) to the request/reply in the inner-tunnel and then see that request in the outer tunnel - so local users can be seen/verified via that local internal attribute as remote auths wouldnt have that attribute alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
