RES: Incorrect username being registered by freeradius
aland at deployingradius.com
Tue Jun 23 17:46:31 CEST 2020
On Jun 23, 2020, at 11:34 AM, Daniel Guimaraes Pena <daniel.pena at mpdft.mp.br> wrote:
> Thanks for answering, Alan, you were right: that is his MAC Address.
> Until this moment, no mac address appeared at radacct table, so I don’t have debug for that yet.
> For this, if I may ask, why is the user registered in the radacct table with the MAC address, while his real username appears in the radius log?
Because the NAS sends accounting packets which contain the MAC address in the User-Name field. And, it sends authentication packets which contain the real name in the User-Name field.
FreeRADIUS does NOT control this. It's at the mercy of whatever the NAS sends.
> Reading debug, real login is "luciana.nogueira"
> Here the debug log for this entry:
> =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2020.06.23 12:21:07 =~=~=~=~=~=~=~=~=~=~=~=
> grep -E "\(4925[7-9]\)|\(4926[0-7]\)" debug.log
> (49257) Received Access-Request Id 151 from 10.34.15.221:1384 to 10.34.242.3:1812 length 151
> (49257) User-Name = "347117"
> (49257) NAS-IP-Address = 10.34.15.221
> (49257) NAS-Port = 2
> (49257) Called-Station-Id = "5C-D9-98-14-37-48:MPDFT"
> (49257) Calling-Station-Id = "48-49-C7-71-79-66"
> (49257) Framed-MTU = 1400
> (49257) NAS-Port-Type = Wireless-802.11
> (49257) Connect-Info = "CONNECT 54Mbps 802.11g"
> (49257) EAP-Message = 0x0200000b01333437313137
The end-user machine is creating that EAP-Message, which contains "34717" as the name, i.e. hex 333437313137 is "34717".
In order to fix that, you need to fix the end user's machine to send a real name. There is nothing you can do to the NAS or FreeRADIUS to fix this issue.
Generally, the outer user name should be something like "@example.com", or "anonymous".
The inner-tunnel is receiving the name "luciana.nogueira", which is fine.
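As an added example (not part of the original message and not FreeRADIUS code), this Python sketch decodes the EAP-Message value from the debug output above into its EAP header fields and Identity string, then checks the outer identity against the "@example.com" / "anonymous" convention mentioned in the reply. The function names and the exact anonymity rule are assumptions made for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_IDENTITY = 1  # EAP Type 1 = Identity (RFC 3748)


def parse_eap_message(hex_value):
    """Parse one EAP packet given as the hex string a debug log prints (0x...)."""
    text = hex_value.strip()
    if text.lower().startswith("0x"):
        text = text[2:]
    raw = bytes.fromhex(text)
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than the 4-byte header")
    # Header: Code (1 byte), Identifier (1 byte), Length (2 bytes, big-endian)
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"EAP Length {length} does not fit {len(raw)} bytes of data")
    pkt = {"code": EAP_CODES.get(code, f"Unknown({code})"), "id": ident,
           "length": length, "type": None, "identity": None}
    # Only Request/Response carry a Type byte; Success/Failure are header-only.
    if code in (1, 2) and length >= 5:
        pkt["type"] = raw[4]
        if pkt["type"] == EAP_TYPE_IDENTITY:
            # Identity data runs from byte 5 up to Length, with no terminator.
            pkt["identity"] = raw[5:length].decode("utf-8", errors="replace")
    return pkt


def is_anonymous_outer(identity):
    """Assumed rule: outer identity is '@realm', 'anonymous' or 'anonymous@realm'."""
    local, _, _realm = identity.partition("@")
    return identity != "" and local in ("", "anonymous")


if __name__ == "__main__":
    # EAP-Message value copied from request (49257) in the debug log above.
    pkt = parse_eap_message("0x0200000b01333437313137")
    print(pkt)
    print("anonymous outer identity:", is_anonymous_outer(pkt["identity"]))
```

The decoded Identity is the same string the NAS copies into the outer User-Name, which is why the value has to be changed in the supplicant configuration on the client.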