issue with mysql accounting

[Jan Satko]

Hi.

I have WIFI network based on Cisco Aironet 1130 with WPA/TKIP -
EAP-PEAP. Radius server is freeradius (just upgraded to
1.1.7) with mysql backend (users,accounting). Everything worked fine
for maybe 2 years. Just atm i have a new problem.

Some APs got new IOS and i noticed that now is not sending User-Name like
name at real but is sending MAC address as Username. This "MAC address"
username i got also as system enviroment variables.
On other APs with old IOS i got also problem. Some users got some new
software for connecting to the network(suplicant) where they can set some
"fake" outer username.

Ofc users can authenticate against radius without problems. I think its
because inner authentication variables (MS-CHAPv2 login name?) which
freeradus use for authentication.

So it looks like (for me) that AP is sending "outer" information for
accounting. Maybe there is some option howto force AP to show inner
username ?

Back to MYSQL. Mysql atm is logging "fake usernames" or MAC addresses
as UserName into radacc table. BUT mysql is logging correct
username (inner) into radpostauth.

Any chance howto solve this problem ? I want to log username like for
radpostauth. Also want this username as system enviroment variable so i
can make some start/stop scripts where i can use it.

I noticed that TTLS has some options in eap.conf about tunneled-reply or
variables. But i have dozen of users(usually students) which have only
XP/Vista with PEAP plugin. Cannot force them to install TTLS (if TTLS
will works).

Tyvm for help.

S pozdravom

--
   Bc. Jan 'EIS' Satko       Slovak University of Agriculture
 network & system manager            Tr. A. Hlinku 2
  Tel: +421 37 7412 616           949 76 Nitra Slovakia