hi, got a small question for those used to xlate etc. I have a development/test setup here which is happily authenticating via EAP/TTLS and PEAP. however, what I am seeing is that Windows users using PEAP are having their real name logged and recorded, whereas the Mac TTLS and Windows TTLS folk are being recorded as [EMAIL PROTECTED] - ie the outer layer is being recorded as their username (the inner layer username is happily being used for the authorization stage so all is okay....but the NAS and authentication/accounting SQL are filled with the [EMAIL PROTECTED]
now, the Windows PEAP users also have [EMAIL PROTECTED] as their outer ID but I believe its the 'Windows is a bit leaky with inner credentials' issue that is allowing their real ID to be caught and logged. whats the recommended way of fixing this? what have other people done to fix this? enabling features such as use_tunneled_reply and log_stripped_name havent helped... I am thinking that xlate is the way to go oh, and currently the RADPOSTAUTH table is showing the real ID and the anonymous ID which isnt helping the NAS which receives the anonymous part last. do I simply drop or discard the anonymous part when it gets to this proxy box? alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
