FreeRadius 3.0.17 - outer tunnel username in accounting logs instead of inner tunnel username

Alex Perez-Mendez Alex.Perez-Mendez at jisc.ac.uk
Tue Nov 20 16:36:19 CET 2018 

Hi Thorsten,

We found a similar issues where User-Name was being duplicate, having 
both, inner and outer values.
That made that some NAS were taking the outer one since it appeared first.

We pushed a fix upstream
https://github.com/FreeRADIUS/freeradius-server/pull/2297/commits/ad3791dc84200de9d2a37a9d31b87eaaca70a75e#diff-fabb0758705436cfa7405398e3f62e30

If your issue is the same, you just need to backport that change to your 
"default" site and check whether it fixes it.

Best regards,
Alejandro

El 19/11/18 a las 16:05, Thorsten Fritsch escribió:
> Hi guys,
>
> we have recently upgraded our FreeRadius to release 3.0.17 and are now facing the issue that the accounting logs
> seem to contain the username provided in the anonymous (outer) identity field instead of the username used for the inner tunnel. This makes it
> hard to identify our eduroam users (user tracking).
>
> Has something changed in FreeRadius 3.x regarding thise behavior ? In my understanding the Radius server should provide the inner tunnel username to the NAS (in our
> case Cisco WLAN Controller) by parameter use_tunneled_reply = yes in the eap file under /mods-enabled which the NAS can then in turn provide to the Accounting server is that correct ?
> We have set this setting to yes in our config:
>
> ttls {
>                  tls = tls-common
>                  default_eap_type = mschapv2
>                  copy_request_to_tunnel = yes
>                  use_tunneled_reply = yes
>                  virtual_server = "eduroam-inner-tunnel"
>          }
>
>          peap {
>                  tls = tls-common
>                  default_eap_type = mschapv2
>                  copy_request_to_tunnel = yes
>                  use_tunneled_reply = yes
>                  virtual_server = "eduroam-inner-tunnel"
>          }
>
> Thanks for your help.
>
> Cheers,
> Thorsten
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-- 
Alejandro Perez-Mendez
Technical Specialist (AAA), Trust & Identity
M (+34) 619 333 219
Skype alejandro_perez_mendez
jisc.ac.uk

Jisc is a registered charity (number 1149740) and a company limited by guarantee which is registered in England under Company No. 5747339, VAT No. GB 197 0632 86. Jisc’s registered office is: One Castlepark, Tower Hill, Bristol, BS2 0JA. T 0203 697 5800.

Jisc Services Limited is a wholly owned Jisc subsidiary and a company limited by guarantee which is registered in England under company number 2881024, VAT number GB 197 0632 86. The registered office is: One Castle Park, Tower Hill, Bristol BS2 0JA. T 0203 697 5800.

More information about the Freeradius-Users mailing list