Accounting Packets and Anonymous Identity
Selahattin Cilek
selahattin_cilek at hotmail.com
Sat Feb 4 23:03:06 CET 2017
I have been checking the traffic between NASes and FreeRADIUS (2.2.9) and I have come across accounting packets with the User-Name field set to "anonymous."
Sun Nov 13 02:41:50 2016
Acct-Session-Id = "57B6F41F-000014D2"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "anonymous"
NAS-Identifier = "KAT_8_MERDIVEN"
Called-Station-Id = "DC-9F-DB-34-CF-B4:TDV.NET"
NAS-Port-Type = Wireless-802.11
NAS-Port = 0
Calling-Station-Id = "F8-16-54-1E-AB-2C"
Connect-Info = "CONNECT 0Mbps 802.11b"
Acct-Session-Id = "57B6F41F-000014D2"
NAS-IP-Address = 192.168.0.38
FreeRADIUS-Acct-Session-Start-Time = "Nov 13 2016 02:41:50 EET"
Acct-Unique-Session-Id = "6c4322c41296866a"
Timestamp = 1478997710
1. This server does not use MySQL and keeps the accounting data in plain text files. If I were using MySQL as the back-end, would I still see the user's name as "anonymous" in the "radacct.username" field?
2. Is it possible to find the true identity of the user by means of reading some files or an SQL query and using the other data provided in the packet such as Acct-Session-Id, Calling-Station-Id or Acct-Unique-Session-Id etc?
________________________________
[Avast logo] <https://www.avast.com/antivirus>
This email has been checked for viruses by Avast antivirus software.
www.avast.com<https://www.avast.com/antivirus>
More information about the Freeradius-Users
mailing list