Inner identity in accounting logs

Jonathan Gazeley jonathan.gazeley at bristol.ac.uk
Thu Jan 15 16:31:19 CET 2009


I have an existing FreeRadius setup for an 802.1x wireless network. 
Currently the accounting is done to a MySQL database. Presently, the 
username appearing in these records is the outer identity. I want to use 
the authenticated inner identity, such that I can rely on my accounting 
data e.g. for billing.

I know that accounting packets are not sent through the inner-tunnel and 
so I can't simply move my accounting to the inner-tunnel. I suppose what 
I'm after is a way to tie a session at authentication to the associated 
session in accounting. Is there any sort of ID that is used both in 
inner-tunnel authentication and accounting, that can be relied upon? 
Otherwise am I looking at using something like the MAC address of the 
client?

The other option might be using vendor supplied attributes from the 
Cisco controllers. Has anyone done this before?

Thanks,
Jonathan

----------------------------
Jonathan Gazeley
Systems Support Specialist
ResNet | Wireless & VPN Team
Information Services
University of Bristol
----------------------------




More information about the Freeradius-Users mailing list