-----Original Message-----
From: freeradius-users-bounces+jhubert=med-web.com@lists.freeradius.org
[mailto:freeradius-users-bounces+jhubert=med-web.com@lists.freeradius.org]
On Behalf Of Sam Schultz
Sent: Wednesday, March 14, 2007 7:14 PM
To: freeradius-users@lists.freeradius.org
Subject: Re: RE : EAP-TTLS outer identity & accounting

An entry like:

DEFAULT Realm == "test", Autz-Type := sql-test
        User-Name = "%{User-Name}"

does add a new User-Name attribute with the proper value, but I need a
way to delete the anonymous@ entry still, because I get Access-Accepts
like this:

Sending Access-Accept of id 134 to 192.168.0.5 port 5190
        User-Name := "anonymous@test"
        User-Name := "test@test"

Followed by Accounting-Requests that still contain the anonymous
entry, so it is still using the oldest (first?) User-Name attribute.
Is there any way at all to REMOVE already set attributes so they aren't
re-sent to the NAS?

For that matter, shouldn't the "use_tunneled_reply = yes" in the ttls
module configuration have kept me from having this problem?
I also have copy_request_to_tunnel set to yes, but I doubt that should
be causing a problem like this.

On Wed, 14 Mar 2007 13:03:21 -0500 Sam Schultz
<segfault90@hushmail.com> wrote:
>On Wed, 14 Mar 2007 11:25:20 -0500 Thibault Le Meur
><Thibault.LeMeur@supelec.fr> wrote:
>>> -----Original Message-----
>>> From: freeradius-users-bounces+thibault.lemeur=supelec.fr@lists.freeradius.org
>>> [mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr@lists.freeradius.org]
>>> On Behalf Of Sam Schultz
>>> Sent: Wednesday, 14 March 2007 17:13
>>> To: freeradius-users@lists.freeradius.org
>>> Subject: Re: EAP-TTLS outer identity & accounting
>>>
>>> On Tue, 13 Mar 2007 13:15:52 -0500 Alan DeKok
>>> <aland@deployingradius.com> wrote:
>>> >Sam Schultz wrote:
>>> >>
>>> >> This should be solvable by adding something like 'User-Name =
>>> >> %{User-Name}' to the DEFAULT entries in the users file,
>>> >> correct?
>>> >
>>> > Yes.
>>>
>>> One of my users file DEFAULT entries looks like this:
>>>
>>> DEFAULT Realm == "test", Autz-Type := sql-test, User-Name = "%u"
>>>
>>> However, FreeRADIUS tells me this:
>>>
>>> Error: Invalid operator for item User-Name: reverting to '=='
>>>
>>> I assume I'm not supposed to forcibly change User-Name, so what
>>> attribute would I set to return the correct username to the NAS?
>>
>>> I know there is a run-time variable %{reply:User-Name}, would I
>>> need to somehow update it with the correct value for User-Name
>>> instead?
>>
>>Yes, by simply adding the User-Name = XXX to the reply items (that
>>is to say not on the first line). Try something like this:
>
>This didn't make much sense at first, but I think I understand it
>now.
>What you're saying is that the first line is only for check items,
>which is why I couldn't set User-Name there. The second line and
>beyond then are for, what? Reply items ONLY, or check & reply items?
>Is this documented anywhere? I just did a quick check through the
>freeradius doc directory, and only found a rlm_fastusers document
>which didn't have anything to say about format restrictions.
>
>>
>>DEFAULT Realm == "test", Autz-Type := sql-test
>> User-Name=`%{User-Name}`
>>
>>HTH,
>>Thibault
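
Added example, not part of the original thread and not FreeRADIUS code: a small Python parser for the users-file layout discussed above (first line = entry name plus check items, indented lines = reply items) that flags a `=` assignment placed on the check line. The function names, the simplified item grammar and the operator list are assumptions made for this sketch; the sample is constructed from the two entries quoted in the thread.

```python
import re

# Constructed sample built from the two entries quoted in the thread:
# entry 0 puts User-Name on an indented reply line, entry 1 on the check line.
SAMPLE = '''\
DEFAULT Realm == "test", Autz-Type := sql-test
        User-Name = "%{User-Name}"

DEFAULT Realm == "test", Autz-Type := sql-test, User-Name = "%u"
'''

# attribute, operator, value (quoted, back-quoted or bare); simplified grammar
ITEM = re.compile(r'\s*([\w-]+)\s*(:=|==|\+=|!=|=)\s*("[^"]*"|`[^`]*`|[^,\s]+)\s*,?')

def parse_items(text):
    """Return (attribute, operator, value) tuples found in one line."""
    return [m.groups() for m in ITEM.finditer(text)]

def parse_users(text):
    """Split each entry into check items (first line) and reply items (indented lines)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue  # skip blank lines and comments
        if line[0] in ' \t':
            if entries:  # indented line: reply items of the current entry
                entries[-1]['reply'] += parse_items(line)
            continue
        parts = line.split(None, 1)
        rest = parts[1] if len(parts) > 1 else ''
        entries.append({'name': parts[0], 'check': parse_items(rest), 'reply': []})
    return entries

def assignments_on_check_line(entries):
    """Return (entry index, attribute) for every '=' item on a check line,
    the placement that produced the 'Invalid operator' error in the thread."""
    return [(i, attr) for i, e in enumerate(entries)
            for attr, op, _ in e['check'] if op == '=']

if __name__ == '__main__':
    parsed = parse_users(SAMPLE)
    for i, e in enumerate(parsed):
        print(i, e['name'], 'check:', e['check'], 'reply:', e['reply'])
    print('flagged:', assignments_on_check_line(parsed))
```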