how to do accounting with the inner identity

Eric Doutreleau Eric.Doutreleau at it-sudparis.eu
Mon Jan 24 15:50:54 CET 2011


Alan and Alexander, thanks for your answers.
I will investigate further whether my NAS respects RFC2865.

On 24/01/2011 14:21, Alexander Clouter wrote:
> Eric Doutreleau<Eric.Doutreleau at it-sudparis.eu>  wrote:
>>
>> I'm trying to use FreeRADIUS 2.1.10 to authenticate my users
>> with EAP-TTLS and an LDAP server as the backend.
>>
>> Everything is running fine, but I can't get the accounting done with
>> the inner identity of the TTLS tunnel.
>>
> It all looks fine at your end, as you pass the 'new' User-Name in the
> Access-Accept back to your NAS.  RFC2865 says your NAS *should* then
> mark the Accounting packets appropriately with the new User-Name; this is
> *not* a must, though, and is optional.
>
> http://tools.ietf.org/html/rfc2865#section-5.1
>
>> I can see the Username "updated" in the following debug log, but in
>> the accounting it's the outer identity that is used.
>> Does someone know what I can do to make the accounting use the inner
>> identity?
>>
>> [snipped: freeradius -X]
>>
> Your debug does not show *any* accounting traffic being sent to
> FreeRADIUS (none that I could see) after your Access-Accept.  If your
> NAS does not send the new User-Name attribute in the Accounting Request,
> then I recommend you wave the RFC2865 link I gave above at your vendor.
>
> Cheers
>
