radwho question....

Chris Bradshaw cwbshaw at gmail.com
Wed Oct 3 11:10:48 CEST 2007


Hi.....

Thanks for the reply. I do have 'use_tunneled_reply = yes' in eap.conf,
but I am still seeing the outer identity showing up when I use radwho.

I have run radiusd -A -x and have appended the Access-Accept section
to this email. The first line of the log shows the inner identity (my
login, cwbshaw) successfully authenticating (via LDAP).

I'd be grateful for any help you can offer.

TIA

Chris.


rlm_ldap: user cwbshaw authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
  TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 7 to 10.11.2.91:1645
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
        MS-MPPE-Recv-Key = 0xcbc7be67c93e3a3452f943380ee4e2c053fdf02f874781ecfbacf6788fed419d
        MS-MPPE-Send-Key = 0xfd4d541226142098174d3a748263b2790e59dec67e76fdcc16654357a73e084c
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
        Acct-Session-Id = "00002149"
        Called-Station-Id = "0011.5cc7.1be0"
        Calling-Station-Id = "0090.4b28.86b0"
        Cisco-AVPair = "ssid=ittwlan"
        Cisco-AVPair = "vlan-id=90"
        Cisco-AVPair = "nas-location=unspecified"
        User-Name = "anonymous"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "6965"
        NAS-Port = 6965
        Service-Type = Framed-User
        NAS-IP-Address = 10.11.2.91
        Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Accounting-Response of id 89 to 10.11.2.91:1646


On 02/10/2007, Alan DeKok <aland at deployingradius.com> wrote:
> Chris Bradshaw wrote:
> > I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
> > authentication backend for our wireless network.
>
>   You really should upgrade, but that's another story.
>
> > I have noticed that if I run radwho, I seem to only see the name of
> > the user from the 'outside' of the tunnel (in this case
> > 'anonymous')....as a result it's not possible to tell who is connected
> > at any one time.
>
>   The NAS is responsible for sending the "anonymous" user name.  If you
> want the NAS to send something different, you have to send the inner
> tunnel user name back in the Access-Accept.
>
>   See "use_tunneled_reply" in the configuration for the EAP module.
>
> > Also I have noticed that the fields tend to get truncated:
> >
> > Login      Name              What  TTY  When      From      Location
> > anonymous  anonymous         shell >999 Tue 16:00 10.10.2.9
> >
> > The IP address above should be 10.10.2.96.
>
>   Change the format of the "printf" command in radwho.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
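
Added example (not part of the original thread and not FreeRADIUS code): a small Python check over debug output like the excerpt above. It reports the inner identity that rlm_ldap authenticated, the User-Name sent in the Access-Accept and the User-Name in the following Accounting-Request, and flags when the Access-Accept does not carry the inner identity. The sample log is abridged from the post; the function names are hypothetical.

```python
import re

# Sample abridged from the debug output posted in this thread.
SAMPLE_LOG = '''\
rlm_ldap: user cwbshaw authenticated succesfully
  TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
Sending Access-Accept of id 7 to 10.11.2.91:1645
        Tunnel-Private-Group-Id:1 = "90"
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
        Acct-Session-Id = "00002149"
        User-Name = "anonymous"
        Acct-Status-Type = Start
Sending Accounting-Response of id 89 to 10.11.2.91:1646
'''

INNER_RE = re.compile(r"^rlm_ldap: user (\S+) authenticated")
PACKET_RE = re.compile(r"^(?:Sending|rad_recv:) (Access-Accept|Accounting-Request)\b")
ATTR_RE = re.compile(r'^\s+User-Name = "([^"]*)"')


def identities(log_text):
    """Return the inner identity plus the User-Name seen in each packet type."""
    found = {"inner": None, "Access-Accept": None, "Accounting-Request": None}
    current = None  # packet whose indented attribute list we are inside
    for line in log_text.splitlines():
        if not line[:1].isspace():
            # Unindented line: ends any attribute list, may start a new one.
            m = PACKET_RE.match(line)
            current = m.group(1) if m else None
            m = INNER_RE.match(line)
            if m:
                found["inner"] = m.group(1)
        elif current:
            m = ATTR_RE.match(line)
            if m:
                found[current] = m.group(1)
    return found


def outer_identity_leaks(log_text):
    """True when the Access-Accept carries a User-Name other than the inner one."""
    ids = identities(log_text)
    return ids["inner"] is not None and ids["Access-Accept"] != ids["inner"]


if __name__ == "__main__":
    print(identities(SAMPLE_LOG), outer_identity_leaks(SAMPLE_LOG))
```
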


