EAP-TTLS outer identity & accounting
Sam Schultz
segfault90 at hushmail.com
Thu Mar 15 00:13:40 CET 2007
An entry like:

DEFAULT Realm == "test", Autz-Type := sql-test
	User-Name = "%{User-Name}"

does add a new User-Name attribute with the proper value, but I need a
way to delete the anonymous@ entry still, because I get Access-Accepts like
this:

Sending Access-Accept of id 134 to 192.168.0.5 port 5190
	User-Name := "anonymous at test"
	User-Name := "test at test"

Followed by Accounting-Requests that still contain the anonymous entry,
so it is still using the oldest (first?) User-Name attribute. Is
there any way at all to REMOVE already set attributes so they aren't
re-sent to the NAS?

For that matter, shouldn't the "use_tunneled_reply = yes" in the ttls
module configuration have kept me from having this problem?
I also have copy_request_to_tunnel set to yes, but I doubt that should
be causing a problem like this.

On Wed, 14 Mar 2007 13:03:21 -0500 Sam Schultz <segfault90 at hushmail.com> wrote:
>On Wed, 14 Mar 2007 11:25:20 -0500 Thibault Le Meur <Thibault.LeMeur at supelec.fr> wrote:
>>> -----Original Message-----
>>> From: freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius.org
>>> [mailto:freeradius-users-bounces+thibault.lemeur=supelec.fr at lists.freeradius.org] On Behalf Of Sam Schultz
>>> Sent: Wednesday, March 14, 2007 17:13
>>> To: freeradius-users at lists.freeradius.org
>>> Subject: Re: EAP-TTLS outer identity & accounting
>>>
>>> On Tue, 13 Mar 2007 13:15:52 -0500 Alan DeKok <aland at deployingradius.com> wrote:
>>> >Sam Schultz wrote:
>>> >>
>>> >> This should be solvable by adding something like
>>> >> 'User-Name = %{User-Name}' to the DEFAULT entries in the users file,
>>> >> correct?
>>> >
>>> > Yes.
>>>
>>> One of my users file DEFAULT entries looks like this:
>>>
>>> DEFAULT Realm == "test", Autz-Type := sql-test, User-Name = "%u"
>>>
>>> However, FreeRADIUS tells me this:
>>>
>>> Error: Invalid operator for item User-Name: reverting to '=='
>>>
>>> I assume I'm not supposed to forcibly change User-Name, so what
>>> attribute would I set to return the correct username to the NAS?
>>
>>> I know there is a run-time variable %{reply:User-Name}, would I
>>> need to somehow update it with the correct value for User-Name
>>> instead?
>>
>>Yes, by simply adding the User-Name = XXX to the reply items (that is to say
>>not on the first line). Try something like this:
>
>This didn't make much sense at first, but I think I understand it now.
>What you're saying is that the first line is only for check items,
>which is why I couldn't set User-Name there. The second line and beyond
>then are for, what? Reply items ONLY, or check & reply items? Is this
>documented anywhere? I just did a quick check through the freeradius
>doc directory, and only found a rlm_fastusers document which didn't
>have anything to say about format restrictions.
>
>>
>>DEFAULT Realm == "test", Autz-Type := sql-test
>> User-Name=`%{User-Name}`
>>
>>HTH,
>>Thibault