hi,
FIRST: for the problem of outer username being different from inner-tunnel. Is it possible do something like this? IF inner-tunnel-username <> outer-username Set outer-username equal to innet-tunnel-username Does this solution can cause crazy inserts at radacct table or cause user to receive deny access to wifi?
the inner username if different to the outer, is usually for privacy/anonymous - you dont want to expose the inner username to the NAS - and doing so may break EAP anyway. this si where you would probably want to use eg CUI (Chargeable User Identity) in your Access-Accept packet - and then use the CUI for the accounting packets
SECOND: for the problema of mac address being registered at radacct table:
first, try looking at the NAS configuration and checking if you can adjust how it does the Acct update packets. I guess your Acct start packet is fine, its the account update that is being borked. maybe related to any mobility option your NAS platform has?
I will try to create some check at username for account packets like this: IF username is equal to calling-station-id(in lowercase and without "-") Then set username to (select username from radacct where calling-station-id = 'MAC' and username <> 'wrong mac string' limit 1;)
you could do something like that but its a big hit on the DB . you already know the CSI from the first successful authentication as this is temporal data so you might want to record that key pair in a simple REDIS/etc DB instead rather than hitting the live accounting tables. alan