Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
Hi, I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel. Thanks to Alan's direction earlier, I can also send the service flow definitions correctly. I have now found that subsequent db writes (and logging) associated with accounting and postauth functions are the encrypted values (available in the tunnel?). Is there a way to ensure that the plaintext values are used with all subsequent logging actions? Regards, JamesTM Irrationally held truths may be more harmful than reasoned errors. - Thomas H. Huxley
James T. Mugauri wrote:
I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel. Thanks to Alan's direction earlier, I can also send the service flow definitions correctly.
That's good.
I have now found that subsequent db writes (and logging) associated with accounting and postauth functions are the encrypted values (available in the tunnel?). Is there a way to ensure that the plaintext values are used with all subsequent logging actions?
Use a DB. On Access-Accept, store the unencrypted User-Name in the DB, along with a Class attribute. When you receive an accounting packet, look up the Class attribute to find the unencrypted User-Name. That's pretty much the only way with WiMAX. Alan DeKok.
participants (2)
-
Alan DeKok -
James T. Mugauri