issue with mysql accounting
satko at quanto.nr.sanet.sk
Thu Oct 18 14:48:07 CEST 2007
I have WIFI network based on Cisco Aironet 1130 with WPA/TKIP -
EAP-PEAP. Radius server is freeradius (just upgraded to
1.1.7) with mysql backend (users,accounting). Everything worked fine
for maybe 2 years. Just atm i have a new problem.
Some APs got new IOS and i noticed that now is not sending User-Name like
name at real but is sending MAC address as Username. This "MAC address"
username i got also as system enviroment variables.
On other APs with old IOS i got also problem. Some users got some new
software for connecting to the network(suplicant) where they can set some
"fake" outer username.
Ofc users can authenticate against radius without problems. I think its
because inner authentication variables (MS-CHAPv2 login name?) which
freeradus use for authentication.
So it looks like (for me) that AP is sending "outer" information for
accounting. Maybe there is some option howto force AP to show inner
Back to MYSQL. Mysql atm is logging "fake usernames" or MAC addresses
as UserName into radacc table. BUT mysql is logging correct
username (inner) into radpostauth.
Any chance howto solve this problem ? I want to log username like for
radpostauth. Also want this username as system enviroment variable so i
can make some start/stop scripts where i can use it.
I noticed that TTLS has some options in eap.conf about tunneled-reply or
variables. But i have dozen of users(usually students) which have only
XP/Vista with PEAP plugin. Cannot force them to install TTLS (if TTLS
Tyvm for help.
Bc. Jan 'EIS' Satko Slovak University of Agriculture
network & system manager Tr. A. Hlinku 2
Tel: +421 37 7412 616 949 76 Nitra Slovakia
More information about the Freeradius-Users