EAP-TTLS outer identity & accounting
Alan DeKok
aland at deployingradius.com
Tue Mar 13 17:58:51 CET 2007
Sam Schultz wrote:
> I'm currently using EAP-TTLS & PAP (via SecureW2) to authorize &
> authenticate wireless clients against specific realms. Users are
> able to authorize & authenticate properly, but the username in
> incoming accounting replies come in as 'anonymous@<realmname>'.
You can set "User-Name" in the Access-Accept, and the NAS should use
that in Accounting-Requests.
> I had this spitting out proper accounting information before,
> and haven't changed any configuration options since putting it
> into production. The only conclusions I can come up with are:
>
> 1) The access points are buggy (3com OfficeConnects)
No.
> 2) FreeRADIUS doesn't keep track of connections properly -- either
> because it doesn't bother to replace anonymous entries with the
> previously seen identity for the given ID, or I haven't
> configured it to do so.
No.
The problem is that the supplicant is sending "anonymous at ..." as the
User-Name.
Alan DeKok.
--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
More information about the Freeradius-Users
mailing list