Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
Alan DeKok
aland at deployingradius.com
Wed Oct 26 14:16:18 CEST 2011
James T. Mugauri wrote:
> I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel.
> Thanks to Alan's direction earlier, I can also send the service flow
> definitions correctly.
That's good.
> I have now found that subsequent db writes (and logging) associated with
> accounting and postauth functions are the encrypted values (available in
> the tunnel?). Is there a way to ensure that the plaintext values are
> used with all subsequent logging actions?
Use a DB.
On Access-Accept, store the unencrypted User-Name in the DB, along
with a Class attribute. When you receive an accounting packet, look up
the Class attribute to find the unencrypted User-Name.
That's pretty much the only way with WiMAX.
Alan DeKok.
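The lookup described in the reply above, as an added example (not part of the original post and not FreeRADIUS code): on Access-Accept the inner-tunnel User-Name is stored under a random Class value, and each accounting packet is resolved through the Class the NAS echoes back. The table name `class_map`, the function names, the 24-hour lifetime and the dict-shaped packets are assumptions made for illustration.

```python
import secrets
import sqlite3
import time

SESSION_TTL = 24 * 3600  # assumed lifetime of a Class mapping, in seconds


def open_db(path=":memory:"):
    """Create the (hypothetical) class_map table if it does not exist."""
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS class_map ("
               " class BLOB PRIMARY KEY,"
               " username TEXT NOT NULL,"
               " created REAL NOT NULL)")
    return db


def on_access_accept(db, inner_user_name, now=None):
    """Store the unencrypted User-Name; return the Class for the Access-Accept."""
    # Random and opaque: the Class itself carries no identity on the wire.
    class_value = secrets.token_bytes(16)
    created = time.time() if now is None else now
    db.execute("INSERT INTO class_map VALUES (?, ?, ?)",
               (class_value, inner_user_name, created))
    db.commit()
    return class_value


def on_accounting(db, packet, now=None):
    """Return the User-Name to log for an Accounting-Request."""
    now = time.time() if now is None else now
    row = db.execute(
        "SELECT username FROM class_map WHERE class = ? AND created > ?",
        (packet.get("Class", b""), now - SESSION_TTL)).fetchone()
    # Unknown, missing or expired Class: keep the outer identity, never guess.
    return row[0] if row else packet.get("User-Name")


def demo():
    """Run one constructed session plus one accounting packet with a bad Class."""
    db = open_db()
    cls = on_access_accept(db, "james@example.org", now=1000.0)
    outer = "opaque-outer-id@example.org"  # constructed outer identity
    known = on_accounting(db, {"User-Name": outer, "Class": cls}, now=2000.0)
    unknown = on_accounting(db, {"User-Name": outer, "Class": b"\x00" * 16}, now=2000.0)
    return known, unknown
```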