Intel PEAP client "Roaming Identity"

Ben Thompson bt4 at york.ac.uk
Mon Sep 19 09:51:14 CEST 2005


On Thu, 2005-09-15 at 13:54 -0400, Alan DeKok wrote:
> Ben Thompson <bt4 at york.ac.uk> wrote:
> > Could anyone advise me whether it is possible to configure my server so
> > that the actual username used get's logged in the accounting records
> > instead of this roaming identity string?
> 
>   Configure peap{} & ttls{} with "use_tunneled_reply = yes".
> 
>   Add the following to the top of the "users" file:
> 
> DEFAULT	  FreeRADIUS-Proxied-To == 127.0.0.1
> 	  User-Name = "%{User-Name}",
> 	  Fall-Through = Yes
> 
>   This will send the inner tunnel user name back to the AP, which is
> *supposed* to then use it in accounting packets.
> 
>   Alan DeKok.

Thanks Alan, that's done the trick.

Ben




More information about the Freeradius-Users mailing list