radwho question....
Chris Bradshaw
cwbshaw at gmail.com
Wed Oct 3 11:10:48 CEST 2007
Hi.....

Thanks for the reply. I do have 'use_tunneled_reply = yes' in eap.conf,
but I am still seeing the outer identity showing up when I use radwho.

I have run radiusd -A -x and have appended the Access-Accept section
to this email. The first line of the log shows the inner identity (my
login, cwbshaw) successfully authenticating (via LDAP).

I'd be grateful for any help you can offer.

TIA
Chris.

rlm_ldap: user cwbshaw authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
TTLS: Got tunneled reply RADIUS code 2
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 7 to 10.11.2.91:1645
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
MS-MPPE-Recv-Key = 0xcbc7be67c93e3a3452f943380ee4e2c053fdf02f874781ecfbacf6788fed419d
MS-MPPE-Send-Key = 0xfd4d541226142098174d3a748263b2790e59dec67e76fdcc16654357a73e084c
EAP-Message = 0x03080004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
Acct-Session-Id = "00002149"
Called-Station-Id = "0011.5cc7.1be0"
Calling-Station-Id = "0090.4b28.86b0"
Cisco-AVPair = "ssid=ittwlan"
Cisco-AVPair = "vlan-id=90"
Cisco-AVPair = "nas-location=unspecified"
User-Name = "anonymous"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "6965"
NAS-Port = 6965
Service-Type = Framed-User
NAS-IP-Address = 10.11.2.91
Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Accounting-Response of id 89 to 10.11.2.91:1646
On 02/10/2007, Alan DeKok <aland at deployingradius.com> wrote:
> Chris Bradshaw wrote:
> > I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
> > authentication backend for our wireless network.
>
> You really should upgrade, but that's another story.
>
> > I have noticed that if I run radwho, I seem to only see the name of
> > the user from the 'outside' of the tunnel (in this case
> > 'anonymous')....as a result its not possible to tell who is connected
> > at any one time.
>
> The NAS is responsible for sending the "anonymous" user name. If you
> want the NAS to send something different, you have to send the inner
> tunnel user name back in the Access-Accept.
>
> See "use_tunneled_reply" in the configuration for the EAP module.
>
> > Also I have noticed that the fields tend to get truncated:
> >
> > Login Name What TTY When From Location
> > anonymous anonymous shell >999 Tue 16:00 10.10.2.9
> >
> > The IP address above should be 10.10.2.96.
>
> Change the format of the "printf" command in radwho.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
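
The comparison made by eye in the debug output above (inner login versus the User-Name in the Access-Accept and in the accounting Start) can be scripted. This is an added example, not part of the original thread or of FreeRADIUS; the function names `parse_packets` and `audit` are hypothetical, the sample log is constructed, and it assumes the server handles one request at a time as in the posted output.

```python
import re

# Constructed sample modelled on the `radiusd -x` output quoted in the post.
SAMPLE_DEBUG = """\
rlm_ldap: user alice authenticated succesfully
TTLS: Got tunneled reply RADIUS code 2
Sending Access-Accept of id 7 to 192.0.2.10:1645
Tunnel-Type:1 = VLAN
User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 192.0.2.10:1646, id=89, length=229
Acct-Session-Id = "00002149"
User-Name = "anonymous"
Sending Accounting-Response of id 89 to 192.0.2.10:1646
"""

INNER = re.compile(r"^rlm_\w+: user (\S+) authenticated succes+fully")  # log spells it "succesfully"
HEADER = re.compile(r"^(?:Sending (\S+) of id \d+ to|rad_recv: (\S+) packet from host)")
ATTR = re.compile(r'^([\w-]+)(?::\d+)? =\s*"?(.*?)"?$')
DEBUG = re.compile(r"^[\w() ]+: ")  # module chatter such as "rlm_sql (sql): ..."

def parse_packets(text):
    """Group attribute lines under the packet header that precedes them."""
    inner, pkt, packets = None, None, []
    for line in map(str.strip, text.splitlines()):
        if m := INNER.match(line):
            inner, pkt = m.group(1), None
        elif m := HEADER.match(line):
            kind = m.group(1) or m.group(2)
            # Assumption: the last inner login belongs to the next Access-Accept.
            pkt = {"type": kind, "inner": inner if kind == "Access-Accept" else None, "attrs": {}}
            inner = None if kind == "Access-Accept" else inner
            packets.append(pkt)
        elif (m := ATTR.match(line)) and pkt is not None:
            pkt["attrs"].setdefault(m.group(1), m.group(2))
        elif DEBUG.match(line):
            pkt = None  # attribute list ended; wrapped hex values are skipped
    return packets

def audit(text):
    """Return (accepts whose User-Name differs from the inner login, accounting names)."""
    mismatched, accounting = [], []
    for p in parse_packets(text):
        name = p["attrs"].get("User-Name")
        if p["type"] == "Access-Accept" and p["inner"] and name != p["inner"]:
            mismatched.append((p["inner"], name))
        elif p["type"] == "Accounting-Request":
            accounting.append((p["attrs"].get("Acct-Session-Id"), name))
    return mismatched, accounting
```

On the constructed sample, `audit(SAMPLE_DEBUG)` reports the accept for `alice` going out as `anonymous` and the accounting session carrying the same outer name, which is the condition that leaves radwho unable to attribute the session.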