problem with outer and inner (User-Name).

Alan DeKok aland at deployingradius.com
Wed Mar 6 22:58:13 CET 2019


On Mar 5, 2019, at 2:50 AM, dg <dg at poczta.tarman.pl> wrote:
> 
> I have problem with identity.
> I am testing it with windows 7 and my cisco switch - ethernet.
> 
> when i log in (and using identity ) i have in logs: 
> Mon Mar  4 18:23:07 2019 : Auth: (36)   Login OK: [tom/<via Auth-Type = eap>]
> (from client SW1 port 0 via TLS tunnel)
> Mon Mar  4 18:23:07 2019 : Auth: (37) Login OK: [whatever/<via Auth-Type =
> eap>] (from client SW1 port 50002 cli A1-A2-04-E7-5C-8D)
> 
> i know that radius logs what its get from NAS but in this case i have problem
> with accounting (its log "whatever" instead of "tom")

  Yes...

> i know that to log the inner User-Name, it needs to be copied from the
> inner-tunnel to the outer.
> 
> in /etc/raddb/sites-enabled/inner-tunnel in post-auth i have
> update outer.session-state {
>            &User-Name := &User-Name
>                    }

  The default configuration in v3 has some sample configuration for this topic.  See sites-available/default, then look in the "post-auth" section.  See also the "post-auth" section of the "inner-tunnel" virtual server.  You should see something like:

	#
	#  If you want the Access-Accept to contain the inner
	#  User-Name, uncomment the following lines.
	#
#	update outer.session-state {
#	       User-Name := &User-Name
#	}


> i also tried (from FreeRADIUS Begginers's Guide):

  That's 10 years old.  I'd ignore it for anything other than general ideas.

> but in logs when i trying to log in i still have:
> 
> Mon Mar  4 18:23:07 2019 : Auth: (36)   Login OK: [tom/<via Auth-Type = eap>]
> (from client SW1 port 0 via TLS tunnel)
> Mon Mar  4 18:23:07 2019 : Auth: (37) Login OK: [whatever/<via Auth-Type =
> eap>] (from client SW1 port 50002 cli A1-A2-04-E7-5C-8D)

  There *is* debug output you can look at to see exactly what the server is doing...

  Alan DeKok.




More information about the Freeradius-Users mailing list