User-Name missing realm in Access-Accept
David Aldwinckle
daldwinc at uwaterloo.ca
Wed Aug 12 17:02:57 CEST 2015
Hi List,
FreeRADIUS Version 2.1.12
It has been brought to my attention that my FreeRadius servers are
responding to proxied requests from eduroam without the suffix portion
of the user name. This is causing accounting issues for other
institutions.
In inner-tunnel, I have tried to add:
post-auth {
update outer.reply {
User-Name = "%{request:User-Name}"
}
}
I also have use_tunneled_reply = yes in eap.conf
I see the Access-Accept messages going out, without the suffix:
Sending Access-Accept of id 62 to 142.231.112.1 port 53243
MS-MPPE-Recv-Key =
0xd720476081b3ec7b8f7529a32f4c2c06f786a2c39aa888c7f157784db7673b47
MS-MPPE-Send-Key =
0x593de7fcae5ba512dec5d348b4500dea9ba73044c2c68ee661f7214a073377dd
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user1"
Proxy-State = 0x4f53432d457874656e6465642d49643d3138323338
What I want to see is:
Sending Access-Accept of id 62 to 142.231.112.1 port 53243
MS-MPPE-Recv-Key =
0xd720476081b3ec7b8f7529a32f4c2c06f786a2c39aa888c7f157784db7673b47
MS-MPPE-Send-Key =
0x593de7fcae5ba512dec5d348b4500dea9ba73044c2c68ee661f7214a073377dd
EAP-Message = 0x030b0004
Message-Authenticator = 0x00000000000000000000000000000000
User-Name = "user1 at realm.com"
Proxy-State = 0x4f53432d457874656e6465642d49643d3138323338
What am I missing?
Thanks,
Dave
More information about the Freeradius-Users
mailing list