Intel PEAP client "Roaming Identity"
Zoltan A. Ori
z.ori at morehead-st.edu
Thu Sep 15 19:24:25 CEST 2005
On Thursday 15 September 2005 12:25, Ben Thompson wrote:
> Hi
>
> We have a 802.1x/PEAP wireless network using freeRADIUS 1.0.1 on RedHat
> AS 4. It is important for us to know who is using the network at any
> given time so the accounting logs are very useful to us. The other day
> someone came along with a laptop using an Intel wireless adapter and
> client software. In the configuration settings for this program there
> was a place to enter a username and password for PEAP authentication and
> there was also a field named "Roaming Identity" which as default was set
> to "anonymous at myabc.com". The client conected up fine, but when I
> checked the RADIUS accounting logs I noticed that the username for that
> client was listed as anonymous at myabc.com instead of the one I expected.
> After a bit of googling in found this link on the Dell website which
> describes that the roaming identity is only required for MS RADIUS
> servers :-
> http://support.dell.com/support/edocs/network/P72721/en/UtilAdv.htm
> Could anyone advise me whether it is possible to configure my server so
> that the actual username used get's logged in the accounting records
> instead of this roaming identity string?
>
I couldn't think of a good way to deal with this on our site. I ended up
putting the roaming identity in the users files to reject it. The owner of
the device has to reconfigure their supplicant to fix the roaming identity.
This can probably be handled a bit more elegantly and user friendly in
radiusd.conf but I haven't really had time to work on it.
Zoltan
More information about the Freeradius-Users
mailing list