"CHui" <[EMAIL PROTECTED]> wrote: > Since the Radius accounting start-stop are sent by the access point, does it > mean that the AP (Radius client) uses the "outer identity" for Radius > accounting records?
Yes. The inner identity is inside of a TLS tunnel, and the NAS can't see it. > Could this be a Radius client configuration error? Though I don't > recall seeing any configuration options related to Radius client > function in the APs. Has anyone come across with similar situation? Lots of people. There is no really good solution, but there are proposals in front of the IETF. You can try setting the User-Name attribute in the Access-Accept. The NAS *may* remember that, and use it in accounting messages. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
