EAP and accounting

King, Michael MKing at bridgew.edu
Fri Oct 20 15:24:30 CEST 2006


Yes.  It's possible.

Look in eap.conf. In each EAP section (TTLS and PEAP) this code snippet exists:

                        #  The reply attributes sent to the NAS are
                        #  usually based on the name of the user
                        #  'outside' of the tunnel (usually
                        #  'anonymous').  If you want to send the
                        #  reply attributes based on the user name
                        #  inside of the tunnel, then set this
                        #  configuration entry to 'yes', and the reply
                        #  to the NAS will be taken from the reply to
                        #  the tunneled request.
                        #
                        # allowed values: {no, yes}
                        use_tunneled_reply = no 

-----Original Message-----
From: freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org] On Behalf Of Angel L. Mateo
Sent: Friday, October 20, 2006 5:12 AM
To: FreeRadius users mailing list
Subject: EAP and accounting

Hello,

	I am developing my freeradius server (version 1.1.2) to use it in a WPA wireless environment with EAP authentication.

	Until this moment (without EAP) the accounting information collected by freeradius is in the form:

- detail-YYYYMMDD:

Fri Oct 20 11:07:59 2006
        User-Name = "<username>@<realm>"
        NAS-Port = 2161
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = X.X.X.X
        Class = 0x69636172756d
        Calling-Station-Id = "172.18.201.166"
        Acct-Status-Type = Start
        Acct-Session-Id = "15D003FA"
        Tunnel-Client-Endpoint:0 = "172.18.201.166"
        Acct-Authentic = RADIUS
        Acct-Delay-Time = 0
        NAS-IP-Address = <nas IP address>
        NAS-Port-Type = Virtual
        Proxy-State = 0x323034
        Client-IP-Address = <client ip address>
        Acct-Unique-Session-Id = "e43a1da655ba3ef3"
        Stripped-User-Name = "<username>"
        Realm = "<realm>"
        Timestamp = 1161335279

- auth-detail-YYYYMMDD:

Packet-Type = Access-Request
Fri Oct 20 11:10:14 2006
        User-Name = "<username>@<realm>"
        User-Password = "190482"
        NAS-Identifier = "<nas id>"
        NAS-IP-Address = <nas ip>
        Proxy-State = 0x323433
        Client-IP-Address = <client ip>

	But with EAP the files have the same form, but the username is always "anonymous", because the real authentication is made through the tunnel connection.

	I want to know if there is any way to configure radius to log the real username instead of anonymous in the log files.

	Thanks.


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información       _o)
y las Comunicaciones Aplicadas (ATICA)      / \\
http://www.um.es/atica                    _(___V
Tfo: 968367590
Fax: 968398337
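
A check for whether accounting records still carry the outer identity, as an added example that is not part of the original thread or of FreeRADIUS. It parses the accounting detail layout quoted in the question; the sample records, the function names and the list of placeholder names are assumptions constructed for illustration.

```python
import re

# Constructed sample in the accounting detail layout quoted in the question
# (all values are made up for this example).
SAMPLE_DETAIL = """\
Fri Oct 20 11:07:59 2006
\tUser-Name = "anonymous"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "15D003FA"

Fri Oct 20 11:09:12 2006
\tUser-Name = "alice@example.org"
\tAcct-Status-Type = Start
\tAcct-Session-Id = "15D003FB"

Fri Oct 20 11:15:40 2006
\tUser-Name = "anonymous@example.org"
\tAcct-Status-Type = Stop
\tAcct-Session-Id = "15D003FC"
"""

# Indented "Attribute = value" line; names may contain ':' (e.g. a tag suffix).
ATTR_RE = re.compile(r'^\s+([\w:.-]+)\s*=\s*(.*?)\s*$')

def parse_detail(text):
    """Yield one dict per record: a timestamp line, then indented attributes."""
    record = None
    for line in text.splitlines():
        if not line.strip():
            continue                      # blank separator between records
        m = ATTR_RE.match(line)
        if m and record is not None:
            record[m.group(1)] = m.group(2).strip('"')
        elif not line[0].isspace():       # unindented line starts a new record
            if record:
                yield record
            record = {"_time": line.strip()}
    if record:
        yield record

def is_outer_identity(user_name, placeholders=("anonymous",)):
    """True if the part before '@' is a placeholder, empty, or missing."""
    local = user_name.split("@", 1)[0].lower()
    return local == "" or local in placeholders

def anonymous_sessions(text):
    """Acct-Session-Id of every record still logged under the outer identity."""
    return [r.get("Acct-Session-Id", "?") for r in parse_detail(text)
            if is_outer_identity(r.get("User-Name", ""))]
```

Run it over a detail file written after the configuration change; an empty result means no session is being accounted under the outer identity.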

