Inner identity in accounting logs

Alan DeKok aland at
Thu Jan 22 09:23:21 CET 2009

Jonathan Gazeley wrote:
> I have an existing FreeRadius setup for an 802.1x wireless network.
> Currently the accounting is done to a MySQL database. Presently, the
> username appearing in these records is the outer identity. I want to use
> the authenticated inner identity, such that I can rely on my accounting
> data e.g. for billing.

  Update the reply.  In the "inner-tunnel" server, "post-auth" section, add:

	update outer.reply {
		User-Name = "%{User-Name}"

> I know that accounting packets are not sent through the inner-tunnel and
> so I can't simply move my accounting to the inner-tunnel. I suppose what
> I'm after is a way to tie a session at authentication to the associated
> session in accounting. Is there any sort of ID that is used both in
> inner-tunnel authentication and accounting, that can be relied upon?

  Tell the NAS which User-Name you want to see in the accounting
packets.  Most NASes support this feature.

  Alan DeKok.

More information about the Freeradius-Users mailing list