User-Name missing realm in Access-Accept

David Aldwinckle daldwinc at uwaterloo.ca
Wed Aug 12 17:02:57 CEST 2015


Hi List,

FreeRADIUS Version 2.1.12

It has been brought to my attention that my FreeRadius servers are
responding to proxied requests from eduroam without the suffix portion
of the user name. This is causing accounting issues for other
institutions. 

In inner-tunnel, I have tried to add:

        post-auth {
                update outer.reply {
                        User-Name = "%{request:User-Name}"
                }
        }

I also have use_tunneled_reply = yes in eap.conf

I see the Access-Accept messages going out, without the suffix:

Sending Access-Accept of id 62 to 142.231.112.1 port 53243
	MS-MPPE-Recv-Key =
0xd720476081b3ec7b8f7529a32f4c2c06f786a2c39aa888c7f157784db7673b47
	MS-MPPE-Send-Key =
0x593de7fcae5ba512dec5d348b4500dea9ba73044c2c68ee661f7214a073377dd
	EAP-Message = 0x030b0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "user1"
	Proxy-State = 0x4f53432d457874656e6465642d49643d3138323338

What I want to see is:

Sending Access-Accept of id 62 to 142.231.112.1 port 53243
	MS-MPPE-Recv-Key =
0xd720476081b3ec7b8f7529a32f4c2c06f786a2c39aa888c7f157784db7673b47
	MS-MPPE-Send-Key =
0x593de7fcae5ba512dec5d348b4500dea9ba73044c2c68ee661f7214a073377dd
	EAP-Message = 0x030b0004
	Message-Authenticator = 0x00000000000000000000000000000000
	User-Name = "user1 at realm.com"
	Proxy-State = 0x4f53432d457874656e6465642d49643d3138323338

What am I missing?

Thanks,
Dave




More information about the Freeradius-Users mailing list