Cleartext username

Thu Aug 26 11:25:30 CEST 2010

Hello list,

I am currently using FreeRADIUS as my AAA server for a WiMAX network. 
Authentication is working perfectly, and the server is performing well. 
As part of my infrastructure-design I need to be able to forcibly kick 
users off the radiolink. As far as I have understood, this needs to be 
done using CoA/Disconnect-Request packets forged to match the NAS 
requirement.

So far, so good.

I have set up this query in my accounting section:
         if("%{sql:SELECT value FROM radcheck WHERE UserName = 
'%{SQL-User-Name}' and attribute = 'Acct-Logout-Now'}") {
                 update disconnect {
                         Reply-Message = "You have been closed."
                 }
         }
as a small test. However, %{SQL-User-Name} is an encrypted version of 
the username, which of course will not match anything in my database.

Thu Aug 26 11:16:42 2010 : Info: (2)     expand: SELECT value FROM 
radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 
'Acct-Logout-Now' -> SELECT value FROM radcheck WHERE UserName = 
'=8Ham=3D1=7A62345d3c567f85678749f233ebe4577fbad' and attribute = 
'Acct-Logout-Now'
Thu Aug 26 11:16:42 2010 : Debug: rlm_sql (sql): Reserving sql socket id: 0
Thu Aug 26 11:16:42 2010 : Info: (2) SQL query did not return any results
Thu Aug 26 11:16:42 2010 : Debug: rlm_sql (sql): Released sql socket id: 0
Thu Aug 26 11:16:42 2010 : Info: (2)     expand: %{sql:SELECT value FROM 
radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 
'Acct-Logout-Now'} ->
Thu Aug 26 11:16:42 2010 : Info: (2) ? Evaluating ("%{sql:SELECT value 
FROM radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 
'Acct-Logout-Now'}") -> FALSE
Thu Aug 26 11:16:42 2010 : Info: (2) ++? if ("%{sql:SELECT value FROM 
radcheck WHERE UserName = '%{SQL-User-Name}' and attribute = 
'Acct-Logout-Now'}") -> FALSE

How can I get the username in a cleartext format?

Thanks in advance,

- Kristoffer Milligan