radwho question....

Chris Bradshaw cwbshaw at gmail.com
Wed Oct 3 18:20:26 CEST 2007 

Hi....

The debug output was pretty much the same as my first email. I have
attached it below anyway. This debug output was taken with freeradius
1.1.7 and the following configured:

* Enabled use_tunneled_reply & copy_request_to_tunnel.

* Have the following in the users file:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
       User-Name := `%{User-Name}`

Am I correct in saying that the NAS will send an Accounting-Request
using the User-Name it received in the previous Access-Accept?

If so, how can it be the fault of the NAS if freeradius (in spite of
trying the settings above) is still sending an Access-Accept with
User-Name set to anonymous?

TIA

Chris.


rlm_ldap: user t00037191 authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
  TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 58 to 10.11.2.91 port 1645
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
        MS-MPPE-Recv-Key =
0x916f89b88b0096fa19178e281a02f35c1291005c5942e5a2c5e1257e45d0e658
        MS-MPPE-Send-Key =
0x63d4685ca902be7473bcf3d62d730a77c5fe4648aab0834fac5f41178a424a7d
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=143,
length=229
        Acct-Session-Id = "00002246"
        Called-Station-Id = "0011.5cc7.1be0"
        Calling-Station-Id = "0090.4b28.86b0"
        Cisco-AVPair = "ssid=ittwlan"
        Cisco-AVPair = "vlan-id=90"
        Cisco-AVPair = "nas-location=unspecified"
        User-Name = "anonymous"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "7190"
        NAS-Port = 7190
        Service-Type = Framed-User
        NAS-IP-Address = 10.11.2.91
        Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2



On 03/10/2007, Alan DeKok <aland at deployingradius.com> wrote:
> Chris Bradshaw wrote:
> > However, I have tried the suggestions in this reply:
> >
> > * Enable use_tunneled_reply & copy_request_to_tunnel (I already had
> > these enabled).
> >
> > * Have the following in the users file:
> > DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
> >         User-Name := `%{User-Name}`
>
>   And... what do you see in the Access-Accept when you run in debugging
> mode?
>
> > ....but it still makes no difference.....radwho still returns
> > 'anonymous' whenever I log in.
>
>   Stop looking at radwho.  It's output is WAY down the chain of cause
> and effect.
>
>   1) ensure that the real user name is in the Access-Accept.
>      If not, make it appear there.
>   2) ensure that the accounting request contains the real user name
>      If it contains "anonymous", buy a real NAS.  Your NAS is broken.
>
>   After that, radwho *should* do the right thing.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>

More information about the Freeradius-Users mailing list