TTLS-PAP accounting bug

Sam Schultz djinn90 at gmail.com
Fri Jun 15 18:46:27 CEST 2007


I was just wondering if the bug from this post has been fixed since 1.1.6:

"Re: EAP-TTLS outer identity & accounting"

After a lot of experimenting & researching, I still haven't found a solution
to the TTL anonymous outer identity being used for accounting.

I have set a DEFAULT entry that sets the User-Name attribute via ':=', but I
still end up with two User-Name attributes (anonymous identity & real
identity). This is especially strange, since use_tunneled_reply &
copy_request_to_tunnel are both enabled as well.

If I understand correctly, := should replace the anonymous (first) User-Name
value with the real (second) value permitting they are in the same session.
Upon looking back at the debug output, it looks like the tunneled request is
actually handled as if it were a separate request than the one containing it
(request->eap module-(unpack)->new request).
This would explain why two User-Name attributes are showing up in the final
response. Is there any way to discard the first (anonymous) entry via a
module or other method without hacking FR code?

Surely someone has this working. My setup is just basic TTLS-PAP auth'ing
against LDAP.