Inner identity in accounting logs

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Tue Feb 3 14:03:33 CET 2009


Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS 
expands the username as expected, but why this username never makes it 
back to the NAS. Does anyone have any ideas?

Thanks,
Jonathan


Jonathan Gazeley wrote:
> I'm running FreeRADIUS 2.1.1.
>
> My config block in the post-auth section of the  inner-tunnel server 
> currently reads:
>
>        update outer.reply {
>                User-Name := "testing-%{User-Name}"
>        }
>
>
> FR does indeed appear to be using this block:
>
>    expand: testing-%{User-Name} -> testing-jg4461
> ++[outer.reply] returns ok
>
> Authenticating with outer ID "qwerty99" and inner ID "jg4461" gives 
> output as in the attached log, included to give context. The outer 
> server is "uobresnet" and the inner one is still called "inner-tunnel".
>
> So it seems to me like FR is doing what it is being asked to do, but 
> maybe this isn't the right thing. Previous tests showed that setting 
> the outer ID in the "uobresnet" server does make the NAS use the right 
> username.
>
> If anyone can shed any light on this, I'd be very grateful.
>
> Thanks,
> Jonathan
>
>
> Alan DeKok wrote:
>> Jonathan Gazeley wrote:
>>  
>>> When added in the "inner-tunnel" server, this block has no effect on 
>>> the
>>> content of the Access-Accept packets (as shown by radiusd -X).
>>>     
>>
>>   Which version are you running?  Is it *using* that entry you added?
>>
>>   Alan DeKok.



More information about the Freeradius-Users mailing list