Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
James T. Mugauri
james at africonnect.co.zm
Wed Oct 26 15:34:14 CEST 2011
On 10/26/2011 02:49 PM, freeradius-users-request at lists.freeradius.org
wrote:
> On Access-Accept, store the unencrypted User-Name in the DB, along
> with a Class attribute. When you receive an accounting packet, look up
> the Class attribute to find the unencrypted User-Name.
Thanks
I notice when running in debug mode, I have:
[ttls] Got tunneled request
User-Name = "testairspan at iconnect.zm"
User-Password = "airspan"
FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
User-Name = "testairspan at iconnect.zm"
User-Password = "airspan"
FreeRADIUS-Proxied-To = 127.0.0.1
Calling-Station-Id = "00-1f-fb-20-7b-0e"
Service-Type = Framed-User
NAS-Port-Type = Wireless-802.16
WiMAX-Release = "1.0"
...
...
...
[sql] expand: %{User-Name} -> testairspan at iconnect.zm
[sql] sql_set_user escaped user --> 'testairspan at iconnect.zm'
The user is then correctly authenticated and receives the relevant
parameters
What attribute contains the unencrypted username, and at which stage of
the inner-tunnel session can I retrieve it?
>
> That's pretty much the only way with WiMAX.
>
> Alan DeKok
More information about the Freeradius-Users
mailing list