EAP-TTLS outer identity & accounting
Sam Schultz
segfault90 at hushmail.com
Tue Mar 13 19:06:12 CET 2007
On Tue, 13 Mar 2007 11:58:51 -0500 Alan DeKok
<aland at deployingradius.com> wrote:
>Sam Schultz wrote:
>> I'm currently using EAP-TTLS & PAP (via SecureW2) to authorize &
>> authenticate wireless clients against specific realms. Users are
>> able to authorize & authenticate properly, but the username in
>> incoming accounting replies come in as 'anonymous@<realmname>'.
>
> You can set "User-Name" in the Access-Accept, and the NAS should
> use that in Accounting-Requests.
>
This should be solvable by adding something like
'User-Name = %{User-Name}' to the DEFAULT entries in the users file,
correct?
>> I had this spitting out proper accounting information before,
>> and haven't changed any configuration options since putting it
>> into production. The only conclusions I can come up with are:
>>
>> 1) The access points are buggy (3com OfficeConnects)
>
> No.
>
>> 2) FreeRADIUS doesn't keep track of connections properly --
>either
>> because it doesn't bother to replace anonymous entries with
>the
>> previously seen identity for the given ID, or I haven't
>> configured it to do so.
>
> No.
>
> The problem is that the supplicant is sending "anonymous at ..." as
>the
>User-Name.
>
> Alan DeKok.
>--
> http://deployingradius.com - The web site of the book
> http://deployingradius.com/blog/ - The blog
>-
>List info/subscribe/unsubscribe? See
>http://www.freeradius.org/list/users.html
--
Click for free info on online degrees and make $150K/ year
http://tagline.hushmail.com/fc/CAaCXv1S7YhBAO0BOTJUnxxWHHvlnY0O/
More information about the Freeradius-Users
mailing list