Re: EAP-TTLS outer identity & accounting
On Tue, 13 Mar 2007 11:58:51 -0500 Alan DeKok <aland@deployingradius.com> wrote:
Sam Schultz wrote:
I'm currently using EAP-TTLS & PAP (via SecureW2) to authorize & authenticate wireless clients against specific realms. Users are able to authorize & authenticate properly, but the username in incoming accounting replies come in as 'anonymous@<realmname>'.
You can set "User-Name" in the Access-Accept, and the NAS should use that in Accounting-Requests.
This should be solvable by adding something like 'User-Name = %{User-Name}' to the DEFAULT entries in the users file, correct?
I had this spitting out proper accounting information before, and haven't changed any configuration options since putting it into production. The only conclusions I can come up with are:
1) The access points are buggy (3com OfficeConnects)
No.
2) FreeRADIUS doesn't keep track of connections properly -- either because it doesn't bother to replace anonymous entries with the previously seen identity for the given ID, or I haven't configured it to do so.
No.
The problem is that the supplicant is sending "anonymous@..." as the User-Name.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Click for free info on online degrees and make $150K/ year http://tagline.hushmail.com/fc/CAaCXv1S7YhBAO0BOTJUnxxWHHvlnY0O/
Sam Schultz wrote:
This should be solvable by adding something like 'User-Name = %{User-Name}' to the DEFAULT entries in the users file, correct?
Yes. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Sam Schultz