> > * there is one problem that FreeRADIUS doesn't return the inner ID into the > outer one when using EAP-TTLS (but does when using EAP-PEAP), but this is > nothing Aruba-specific and probably a configuration error in FreeRADIUS on > our part.
I've got a strange thing here as well. In the inner-tunnel config there's a commented option that says uncomment this if you want to pass back the inner user-name attribute to the outer level. I uncommented this on my 2.2 server and tested that things worked o.k. using windoze, os/x and iOS clients manually configured. I then used the test utility from wpa-supplicant to try different combinations of inner/outer user-names and that worked as well. Imagine my surprise when I connected with my iPhone which was configured using our XpressConnect setup which failed telling me that i had an identity mismatch. When I commented out the config option again, my iPhone started working again. Interestingly enough even without the commented config, the User-Name appears in the outgoing Access-Accept packet. Haven't looked to see why yet, got other issues. Rgds Alex - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html