Simultaneous-Use and UserName sent from NAS

Fajar A. Nugraha list at fajar.net
Fri Jun 10 06:16:15 CEST 2011


On Fri, Jun 10, 2011 at 2:26 AM, Ziggy Bopster <ziggybopster at gmail.com> wrote:
> IV.  Questions:
> 1) Why is the NAS sending so many randomly generated numeric
> "UserName" in the Accounting-Request?
> 2) How can I get the NAS to send the correct Username (Ziggy) instead
> of the randomly generated numbers in the Accounting-Request packets to
> update in SQL?

Ask the NAS vendor.

> 3) I'm confused, should I use radutmp or sql to get Simultaenous-Use
> to work?

SQL should be faster, and easier to manage

> If only sql, can I disable radutmp in configuration files?

Sure.

In fact, once I get EVERYTHING worked out just like I wanted, I
usually remove unnecessary components.
If your all your user configuration and acct data is on sql, then you
should be able to remove some configuration lines (e.g. unix, radutmp,
detail, etc.)

> 4) What do I need to do to get Simultaneous-Use to work properly?

As Alan ponted out, the included doc is a good start.
You need to have radcct table populated with correct values (which is
related to your question #1 and #2).

> 5) Should the default & inner-tunnel files that have the same
> parameters match? (i.e. in authorize {sql} in the default file and the
> authorize {sql} in the inner-tunnel file)

Depends.

If you have some clients  that authenticate using PAP while others
using PEAP/802.1x, then yes. But if ALL your clients only use
PEAP/802.1x, then it shouldn't matter much what you put on
sites-available/default, as long as eap-related options are there.

> 6) Why do I see so many packets for Ziggy trying to authenticate just
> once..   It is not until about Line 1389 in the debug log (see below
> ITEM# 6) that the tunnel actually get's established and the next
> packet on Line 1453 has the Acct-Status-Type = Start?    There is a
> total of about 3174 lines for just one login attempt.

The image on http://revolutionwifi.blogspot.com/2010/09/peapv0-packet-flow-reference.html
might give some illustration on the packets involved in EAP/MSCHAPv2
works

-- 
Fajar




More information about the Freeradius-Users mailing list