Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
  • 1.  ClearPass

    Posted Oct 21, 2022 09:33 AM
    Hello all,
    A customer has asked if it is possible with ClearPass to copy the inner EAP authentication ID (for TTLS and PEAP) to the outer ID for our staff and students. They have done this previously with FreeRADIUS; apparently this provides better visibility/usefulness locally.

    ------------------------------
    Jason
    ------------------------------


  • 2.  RE: ClearPass
    Best Answer

    EMPLOYEE
    Posted Oct 21, 2022 10:02 AM
    I've never heard of such a thing as copying the username at the RADIUS server. If your goal is to show the actual (inner) username, instead of the anonymous username, return the authenticated username as the IETF:User-Name attribute.

    BTW, please be advised that PEAP and TTLS are likely to be vulnerable to man-in-the-middle attacks, unless you have full control over your clients to enforce that credentials are only sent by the client if the server certificate matches. PEAP uses MSCHAPv2, which has been severely broken and should not be used as per Microsoft's recommendation.

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.

    In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
    ------------------------------
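
Added example, not part of the thread and not ClearPass or Aruba code: the advice in the answer above as it looks on the wire. The server places the authenticated inner identity in User-Name of the Access-Accept, and per RFC 2865 the NAS should then use that name for accounting instead of the anonymous outer identity. The identities, shared secret and function names are constructed for illustration, and the EAP-Message and Message-Authenticator attributes a real EAP Access-Accept also carries are left out.

```python
import hashlib
import hmac
import struct

ACCESS_ACCEPT = 2   # RFC 2865 packet code
USER_NAME = 1       # RFC 2865 attribute type

def build_access_accept(ident, request_auth, secret, user_name=None):
    """Server side: Access-Accept, optionally carrying User-Name."""
    attrs = b""
    if user_name is not None:
        value = user_name.encode("utf-8")
        if not 1 <= len(value) <= 253:
            raise ValueError("User-Name must be 1..253 bytes")
        attrs = struct.pack("!BB", USER_NAME, len(value) + 2) + value
    header = struct.pack("!BBH", ACCESS_ACCEPT, ident, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + auth + attrs

def parse_user_name(packet, request_auth, secret):
    """NAS side: verify the reply, then return User-Name or None."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("bad Response Authenticator")
    pos = 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        if attrs[pos] == USER_NAME:
            return attrs[pos + 2:pos + attrs[pos + 1]].decode("utf-8")
        pos += attrs[pos + 1]
    return None

def accounting_identity(outer_identity, accept, request_auth, secret):
    """Name the NAS logs: returned User-Name if present, else the outer identity."""
    returned = parse_user_name(accept, request_auth, secret)
    return returned if returned is not None else outer_identity

if __name__ == "__main__":
    ra, secret = bytes(range(16)), b"constructed-shared-secret"  # constructed sample values
    pkt = build_access_accept(7, ra, secret, "jsmith")           # constructed inner identity
    print(accounting_identity("anonymous@example.edu", pkt, ra, secret))
```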