Hi all, I'm testing accounting on a freeradius (version 2.1.11). The nas appliances are Cisco Wireless APs, and I've configured PEAP/MSCHAPv2 authentication (using a openldap backend, where the freeradius server verify username and passwords). Anyway, all works, so authentication succeds without issues, and also i get network access accounting infos on the radius server (i see the 1813 port radius packes, also i can see users with radwho). The problem arises from the tunneled nature of PEAP. Accounting works, i guess, only on the esternal attribute User-Name, so all users that (correctly) configure outer identity with a generic 'anonymous' is logged in the accounting session with the same, useless, username: # radwho Login Name What TTY When From Location anonymous anonymous shell S276 Tue 11:53 10.4.5.5 But in my configuration freeradius is not only a proxy, it also behave as a eap server, manage the tls tunnel with the user supplicant, and verify the inner peap/mschapv2 credentials, so from the freeredius '-X' log I can see: ------------------------------------ [peap] processing EAP-TLS [peap] eaptls_verify returned 7 [peap] Done initial handshake [peap] eaptls_process returned 7 [peap] EAPTLS_OK [peap] Session established. Decoding tunneled attributes. [peap] Peap state phase2 [peap] EAP type mschapv2 [peap] Got tunneled request EAP-Message = 0x020a00061a03 server { [peap] Setting User-Name to 'realusername' --------------------------------------- Hhere 'realusername' is a placeholder for one of my real users, but i can get this info only running freeradius with '-X' option. Is there some practical way to get this information from freeradius or, better, 'link' this information with the Accounting-Request packets i get from the nas after the authentication phase? Thanks in advance Pietro