Freeradius accounting of inner identity when using PEAP

Alan DeKok aland at deployingradius.com
Tue Dec 27 16:20:45 CET 2011


Pietro Accerboni wrote:
> The problem arises from the tunneled nature of PEAP. Accounting works, i
> guess, only on the esternal attribute User-Name, so all users that
> (correctly) configure outer identity with a generic 'anonymous' is
> logged in the accounting session with the same, useless, username:

  You can send a User-Name back in the Access-Accept.  The NAS will use
it for accounting.

> Is there some practical way to get this information from freeradius or,
> better, 'link' this information with the Accounting-Request packets i
> get from the nas after the authentication phase?

  See eap.conf.  Set "use_tunneled_reply"

  Alan DeKok.



More information about the Freeradius-Users mailing list