EAP and accounting

King, Michael MKing at bridgew.edu
Fri Oct 20 15:24:30 CEST 2006

Yes.  It's possible.

Look in eap.conf  In each EAP section (TTLS and PEAP) this code snippet exists

                        #  The reply attributes sent to the NAS are
                        #  usually based on the name of the user
                        #  'outside' of the tunnel (usually
                        #  'anonymous').  If you want to send the
                        #  reply attributes based on the user name
                        #  inside of the tunnel, then set this
                        #  configuration entry to 'yes', and the reply
                        #  to the NAS will be taken from the reply to
                        #  the tunneled request.
                        # allowed values: {no, yes}
                        use_tunneled_reply = no 

-----Original Message-----
From: freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org [mailto:freeradius-users-bounces+mking=bridgew.edu at lists.freeradius.org] On Behalf Of Angel L. Mateo
Sent: Friday, October 20, 2006 5:12 AM
To: FreeRadius users mailing list
Subject: EAP and accounting


	I am developing my freeradius server (version 1.1.2) to use it in a WPA wireless environment with EAP authentication.

	Until this moment (without EAP) the accounting information collected by freeradius is in the form:

- detail-YYYYMMDD:

Fri Oct 20 11:07:59 2006
        User-Name = "<username>@<realm>"
        NAS-Port = 2161
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = X.X.X.X
        Class = 0x69636172756d
        Calling-Station-Id = ""
        Acct-Status-Type = Start
        Acct-Session-Id = "15D003FA"
        Tunnel-Client-Endpoint:0 = ""
        Acct-Authentic = RADIUS
        Acct-Delay-Time = 0
        NAS-IP-Address = <nas IP address>
        NAS-Port-Type = Virtual
        Proxy-State = 0x323034
        Client-IP-Address = <client ip address>
        Acct-Unique-Session-Id = "e43a1da655ba3ef3"
        Stripped-User-Name = "<username>"
        Realm = "<realm>"
        Timestamp = 1161335279

- auth-detail-YYYYMMDD:

Packet-Type = Access-Request
Fri Oct 20 11:10:14 2006
        User-Name = "<username>@<realm>"
        User-Password = "190482"
        NAS-Identifier = "<nas id>"
        NAS-IP-Address = <nas ip>
        Proxy-State = 0x323433
        Client-IP-Address = <client ip>

	But with EAP the files has the same form, but username is always "anonymous", because the real authentication is made through the tunnel connection.

	I want to know if there is any way to configure radius to log the real username instead of anonymous in the log files.


Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información       _o)
y las Comunicaciones Aplicadas (ATICA)      / \\
http://www.um.es/atica                    _(___V
Tfo: 968367590
Fax: 968398337

List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list