Inner identity in accounting logs
Jonathan Gazeley
jonathan.gazeley at bristol.ac.uk
Tue Feb 3 14:03:33 CET 2009
Sorry to 'bump' my previous post. I'm at a loss as to why FreeRADIUS
expands the username as expected, but why this username never makes it
back to the NAS. Does anyone have any ideas?
Thanks,
Jonathan
Jonathan Gazeley wrote:
> I'm running FreeRADIUS 2.1.1.
>
> My config block in the post-auth section of the inner-tunnel server
> currently reads:
>
> update outer.reply {
> User-Name := "testing-%{User-Name}"
> }
>
>
> FR does indeed appear to be using this block:
>
> expand: testing-%{User-Name} -> testing-jg4461
> ++[outer.reply] returns ok
>
> Authenticating with outer ID "qwerty99" and inner ID "jg4461" gives
> output as in the attached log, included to give context. The outer
> server is "uobresnet" and the inner one is still called "inner-tunnel".
>
> So it seems to me like FR is doing what it is being asked to do, but
> maybe this isn't the right thing. Previous tests showed that setting
> the outer ID in the "uobresnet" server does make the NAS use the right
> username.
>
> If anyone can shed any light on this, I'd be very grateful.
>
> Thanks,
> Jonathan
>
>
> Alan DeKok wrote:
>> Jonathan Gazeley wrote:
>>
>>> When added in the "inner-tunnel" server, this block has no effect on
>>> the
>>> content of the Access-Accept packets (as shown by radiusd -X).
>>>
>>
>> Which version are you running? Is it *using* that entry you added?
>>
>> Alan DeKok.
More information about the Freeradius-Users
mailing list