On 09/15/2011 01:21 PM, Markus Ludwig Grandpre wrote: Hello Markus,
> when performing inner authentication User-Name attribute value is always > empty in reply: Try %x or %X for EAP Identity instead. There may not be a User-Name RADIUS attribute in the EAP inner authentication, so your option is to try the EAP Identity. Actually EAPAnonymous setting does affect things here, but %x or %X may still be better options to use. > Code: Access-Accept > Identifier: 14 > Authentic: <212>[#<152><3><140><169><207>;U;<217>gM<190><8> > Attributes: > User-Name = "" > EAP-Message = <3><7><0><4> > ... > > Format of incomming username and suggested User-Name format in reply is: > > x.y@realm > > AuthBy definition is: > > <AuthBy LDAP2> > ... > UsernameAttr cn > UsernameMatchesWithoutRealm > ... > AddToReply User-Name=%U > EAPType MSCHAP-V2 > ... > </AuthBy> > > > Can you please explain to me why %U (also %u and %n) is empty. > Markus > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
