EAP-TTLS outer identity & accounting

Sam Schultz segfault90 at hushmail.com
Thu Mar 15 17:27:39 CET 2007 

On Thu, 15 Mar 2007 10:51:17 -0500 Alan DeKok 
<aland at deployingradius.com> wrote:
>Sam Schultz wrote:
>> An entry like:
>> 
>> DEFAULT         Realm == "test", Autz-Type := sql-test
>>                 User-Name = "%{User-Name}"
>
>  Please read "man users" for the definition and meaning of 
>operators.
>
>  You want:
>
>DEFAULT ...
>	User-Name := ...

Actually, the example above was a typo. The 'User-Name =' line was
'User-Name :=' during testing, which is the part that is confusing,
since the documentation states: 

   Attribute := Value
       Always matches as a check item, and replaces in the 
configuration   
       items any attribute of the same name. If no attribute of that
       name appears in the request, then this attribute is added. 

       As a reply item, it has an identical meaning, but for the 
reply
       items, instead of the request items.

According to this passage from the operators web page
(http://wiki.freeradius.org/Operators), I would expect the original
'anonymous at test' entry to be replaced by 'test at test', and not be
appended to the list like what is apparently happening.

>...
>> Followed by Accounting-Requests that still contain the anonymous 
>
>> entry,
>> so it is still using the oldest (first?) User-Name attribute. Is 
>
>> there any way at all to REMOVE already set attributes so they 
>aren't
>> re-sent to the NAS?
>
>  The documentation helps in these matters.

The documentation helps ONLY if the documentation is consistent with
the application's design, and ONLY if the NASes at the other end 
adhere
to the RADIUS standard. Of course, I would chalk this up to a 
mistake in 
my configuration before asserting the former. The output of fr's 
output
seems to rule out the latter.

>
>  Alan DeKok.
>--
>  http://deployingradius.com       - The web site of the book
>  http://deployingradius.com/blog/ - The blog
>- 
>List info/subscribe/unsubscribe? See 
>http://www.freeradius.org/list/users.html

--
Click for free info on online masters degrees and make $150K/ year
http://tagline.hushmail.com/fc/CAaCXv1S74oLy1CA3gAXs15s3QyaHS8N/

More information about the Freeradius-Users mailing list