RES: RES: Incorrect username being registered by freeradius

Alan DeKok aland at deployingradius.com
Tue Jun 23 21:21:15 CEST 2020


On Jun 23, 2020, at 12:47 PM, Daniel Guimaraes Pena <daniel.pena at mpdft.mp.br> wrote:
> Well, I thought of something for these two problems, but before trying to implement them, I would like your opinion, if possible:
> 
> FIRST: for the problem of the outer username being different from the inner-tunnel one.
> Is it possible to do something like this?
> IF inner-tunnel-username <> outer-username
> 	Set outer-username equal to inner-tunnel-username
> Can this solution cause crazy inserts in the radacct table or cause the user to be denied access to wifi?

  It will break things.

  Instead of working around broken systems, you should just fix the broken systems.

> SECOND: for the problem of the MAC address being registered in the radacct table:
> I will try to create some check at username for account packets like this:
> IF username is equal to calling-station-id(in lowercase and without "-")
> 	Then set username to (select username from radacct where calling-station-id = 'MAC' and username <> 'wrong mac string' limit 1;)

  The solution is to just set the User-Name in the Access-Accept reply.  The NAS *should* use that in later accounting requests:

post-auth {
	...

	update reply {
		User-Name := &request:User-Name
	}
}

> Thanks!! I hope you don’t get angry with me for doing this mass =P

  Nope.  My frustration is with people who ask questions, and argue with the answers.  So long as you're trying to understand, I'm happy to help.

  Alan DeKok.
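
Added example, not part of the original message or of FreeRADIUS: one way to audit whether a NAS still sends the client MAC as User-Name in accounting after the Access-Accept change above. It assumes a cut-down radacct table with three columns named as in the stock FreeRADIUS SQL schema; the rows are constructed sample data, and `normalize_mac`, `mac_as_username` and `build_sample_db` are hypothetical helper names.

```python
import re
import sqlite3

def normalize_mac(value):
    """Return 12 lowercase hex digits, or None if value is not a MAC address."""
    digits = re.sub(r"[-:.\s]", "", value or "").lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def mac_as_username(conn):
    """Return accounting rows whose User-Name is just the Calling-Station-Id."""
    rows = conn.execute(
        "SELECT acctsessionid, username, callingstationid "
        "FROM radacct ORDER BY acctsessionid"
    )
    flagged = []
    for session_id, username, csid in rows:
        mac = normalize_mac(csid)
        # Compare normalized forms so 'aabbcc001122' matches 'AA-BB-CC-00-11-22'.
        if mac is not None and normalize_mac(username) == mac:
            flagged.append((session_id, username, csid))
    return flagged

def build_sample_db():
    """Constructed sample data: an in-memory stand-in for the radacct table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct "
        "(acctsessionid TEXT, username TEXT, callingstationid TEXT)"
    )
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?)", [
        ("s1", "alice", "AA-BB-CC-00-11-22"),               # real user name
        ("s2", "aabbcc001122", "AA-BB-CC-00-11-22"),        # MAC as user name
        ("s3", "bob@example.org", "aa:bb:cc:00:11:33"),     # real user name
        ("s4", "AABB.CC00.1144", "aabb.cc00.1144"),         # MAC, dotted form
        ("s5", "deadbeef0001", "AA-BB-CC-00-11-55"),        # hex-like, other MAC
    ])
    return conn

if __name__ == "__main__":
    for row in mac_as_username(build_sample_db()):
        print(row)
```

Sessions that are still flagged after the change point at a NAS that ignores the User-Name returned in the Access-Accept.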



