using FreeRADIUS Version 1.0.0-pre0, for host , built on Mar 26 2004 we currently experience accounting user-name problems with both cisco APs 1100 and 1200.
first of all, the following config directive:
ttls {
# The reply attributes sent to the NAS are
# usually based on the name of the user
# 'outside' of the tunnel (usually
# 'anonymous'). If you want to send the
# reply attributes based on the user name
# inside of the tunnel, then set this
# configuration entry to 'yes', and the reply
# to the NAS will be taken from the reply to
# the tunneled request.
#
# allowed values: {no, yes}
use_tunneled_reply = yes
}does not seem to change anything in my case, in the Access-Accept message sent by the server, the User-Name is still set to "anonymous".
second of all, what works is to explicitly set the reply-item User-Name to the actual name, e.g.:
artur User-Password == "hello"
User-Name = "artur"in the 'users' file in %prefix%/etc/raddb (detail: and in eap {} to activate the cisco firmware workaround cisco_accounting_username_bug = yes). we had some difficulties to set the reply item to the respective user automatically, like e.g. with %u, it really takes %u as value, but well...
the problem is that we do not use the users file at all. our users are rather stored in a remote SQL data base and I would like to add something like a generic User-Name = %{User-Name} to the reply... but when i add this to the SQL data base, the server takes this "as is" and does not expand the variable (the access accept is sent for the non-existent user called '%{User-Name}'.
what can/should i do to have the tunneled user-name in the access-accept in my case? we tried the expr but that didn't work out...
thanks artur
PS we also tried the 23.04.2004-snapshot with the same result.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
