The fact that you have added that entry to the users file doesn't mean that it will get matched and processed. You haven't posted the whole debug so it's hard to be sure, but my guess is that this is the problem (from users file): # When an authentication request is received from the comm server, # these values are tested. Only the first match is used unless the # "Fall-Through" variable is set to "Yes". # # A special user named "DEFAULT" matches on all usernames. # You can have several DEFAULT entries. All entries are processed # in the order they appear in this file. The first entry that # matches the login-request will stop processing unless you use # the Fall-Through variable. # Ivan Kalik Kalik Informatika ISP Dana 3/10/2007, "Chris Bradshaw" <cwbshaw@gmail.com> piše:
Hi....
The debug output was pretty much the same as my first email. I have attached it below anyway. This debug output was taken with freeradius 1.1.7 and the following configured:
* Enabled use_tunneled_reply & copy_request_to_tunnel.
* Have the following in the users file: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1 User-Name := `%{User-Name}`
Am I correct in saying that the NAS will send an Accounting-Request using the User-Name it received in the previous Access-Accept?
If so, how can it be the fault of the NAS if freeradius (in spite of trying the settings above) is still sending an Access-Accept with User-Name set to anonymous?
TIA
Chris.
rlm_ldap: user t00037191 authenticated succesfully rlm_sql (sql): Processing sql_postauth rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 TTLS: Got tunneled reply RADIUS code 2 Tunnel-Private-Group-Id:1 = "90" Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Type:1 = VLAN Session-Timeout = 900 rlm_sql (sql): Processing sql_postauth rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 Sending Access-Accept of id 58 to 10.11.2.91 port 1645 Tunnel-Private-Group-Id:1 = "90" Tunnel-Medium-Type:1 = IEEE-802 Tunnel-Type:1 = VLAN Session-Timeout = 900 MS-MPPE-Recv-Key = 0x916f89b88b0096fa19178e281a02f35c1291005c5942e5a2c5e1257e45d0e658 MS-MPPE-Send-Key = 0x63d4685ca902be7473bcf3d62d730a77c5fe4648aab0834fac5f41178a424a7d EAP-Message = 0x03080004 Message-Authenticator = 0x00000000000000000000000000000000 User-Name = "anonymous" rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=143, length=229 Acct-Session-Id = "00002246" Called-Station-Id = "0011.5cc7.1be0" Calling-Station-Id = "0090.4b28.86b0" Cisco-AVPair = "ssid=ittwlan" Cisco-AVPair = "vlan-id=90" Cisco-AVPair = "nas-location=unspecified" User-Name = "anonymous" Cisco-AVPair = "connect-progress=Call Up" Acct-Authentic = RADIUS Acct-Status-Type = Start NAS-Port-Type = Wireless-802.11 Cisco-NAS-Port = "7190" NAS-Port = 7190 Service-Type = Framed-User NAS-IP-Address = 10.11.2.91 Acct-Delay-Time = 0 rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2
On 03/10/2007, Alan DeKok <aland@deployingradius.com> wrote:
Chris Bradshaw wrote:
However, I have tried the suggestions in this reply:
* Enable use_tunneled_reply & copy_request_to_tunnel (I already had these enabled).
* Have the following in the users file: DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1 User-Name := `%{User-Name}`
And... what do you see in the Access-Accept when you run in debugging mode?
....but it still makes no difference.....radwho still returns 'anonymous' whenever I log in.
Stop looking at radwho. It's output is WAY down the chain of cause and effect.
1) ensure that the real user name is in the Access-Accept. If not, make it appear there. 2) ensure that the accounting request contains the real user name If it contains "anonymous", buy a real NAS. Your NAS is broken.
After that, radwho *should* do the right thing.
Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html