Class Attribute Missing for Anonymous Users

Selahattin Cilek selahattin_cilek at hotmail.com
Thu Sep 21 21:31:38 CEST 2017


I use FreeRADIUS 3.0.15 and for some strange reason, the Unifi APs 
refuse to append the Class attribute for those users that use anonymous 
identity.

Here are 4 accounting packets that were generated by the same UAP for 
the same user. When she does not use anonymous identity, we see the 
Class attribute. But when she *does* use anonymous identity, the Class 
attribute goes missing:

Thu Sep 21 22:04:09 2017
     Acct-Session-Id = "59C40101-0000000F"
     Acct-Status-Type = Start
     Acct-Authentic = RADIUS
     *User-Name = "53110080806"*
     NAS-Identifier = "802aa8b0fab9"
     NAS-Port = 0
     Called-Station-Id = "80-2A-A8-B1-FA-B9:DAMLA.NET"
     *Calling-Station-Id = "6C-71-D9-2E-61-29"*
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 0Mbps 802.11b"
     *Class = 0x3533313130303830383036*
     NAS-IP-Address = 192.168.0.26
     Event-Timestamp = "Sep 21 2017 22:04:09 +03"
     Timestamp = 1506020649

Thu Sep 21 22:05:06 2017
     Acct-Session-Id = "59C40101-0000000F"
     Acct-Status-Type = Stop
     Acct-Authentic = RADIUS
     *User-Name = "53110080806"*
     NAS-Identifier = "802aa8b0fab9"
     NAS-Port = 0
     Called-Station-Id = "80-2A-A8-B1-FA-B9:DAMLA.NET"
     *Calling-Station-Id = "6C-71-D9-2E-61-29"*
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 0Mbps 802.11b"
     *Class = 0x3533313130303830383036*
     Acct-Session-Time = 58
     Acct-Input-Packets = 445
     Acct-Output-Packets = 228
     Acct-Input-Octets = 88637
     Acct-Output-Octets = 16859
     Event-Timestamp = "Sep 21 2017 22:04:45 +03"
     Acct-Terminate-Cause = User-Request
     NAS-IP-Address = 192.168.0.26
     Timestamp = 1506020706

Thu Sep 21 22:06:02 2017
     Acct-Session-Id = "59C40101-00000010"
     Acct-Status-Type = Start
     Acct-Authentic = RADIUS
     *User-Name = "anonymous"*
     NAS-Identifier = "802aa8b0fab9"
     NAS-Port = 0
     Called-Station-Id = "80-2A-A8-B1-FA-B9:DAMLA.NET"
     *Calling-Station-Id = "6C-71-D9-2E-61-29"*
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 0Mbps 802.11b"
     NAS-IP-Address = 192.168.0.26
     Event-Timestamp = "Sep 21 2017 22:06:02 +03"
     Timestamp = 1506020762

Thu Sep 21 22:18:37 2017
     Acct-Session-Id = "59C40101-00000010"
     Acct-Status-Type = Stop
     Acct-Authentic = RADIUS
     *User-Name = "anonymous"*
     NAS-Identifier = "802aa8b0fab9"
     NAS-Port = 0
     Called-Station-Id = "80-2A-A8-B1-FA-B9:DAMLA.NET"
     *Calling-Station-Id = "6C-71-D9-2E-61-29"*
     NAS-Port-Type = Wireless-802.11
     Connect-Info = "CONNECT 0Mbps 802.11b"
     Acct-Session-Time = 755
     Acct-Input-Packets = 827
     Acct-Output-Packets = 401
     Acct-Input-Octets = 109567
     Acct-Output-Octets = 28858
     Event-Timestamp = "Sep 21 2017 22:18:15 +03"
     Acct-Terminate-Cause = User-Request
     NAS-IP-Address = 192.168.0.26
     Timestamp = 1506021517

I think the UAP is trying to protect the user's privacy and I hate that. 
I will definitely get in touch with Ubnt and ask them to change this 
behaviour. But is there anything I can do on the FreeRADIUS server to 
make sure that the Class attribute is present in all accounting packets?




---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




More information about the Freeradius-Users mailing list