I've been searching the mail list about this, but haven't found a definitive sollution.
The scenario, I'm using WPA2 access points, they are setup to authorize users against my freeradius server. The freeradius server is setup to use a MySQL database, and eap-ttls is configured (and that works ok). My Windows clients connect with the SecureW2 (1) supplicant. The problem is that radius accounting requests have the User-Name = anonymous attribute/value, so I can't separate accounting from different users. I've tried to replace the User-Name in the Access-Accept reply, with this configuration: - I have this in the "users" file: DEFAULT FreeradiusProxiedTo == 127.0.0.1 User-Name := "%{User-Name}", FallThrough = yes BTW I've tried User-Name = "%{User-Name} too. And this is the authorize section in radiusd.conf: authorize { preprocess chap mschap suffix eap files sql } The problem is that the Access-Accept reply from freeradius has two User-Name AV pairs, like this: User-Name := "anonymous" User-Name := "damjan" And the accounting packet has the User-Name = "anonymous" AV pair. Shouldn't the := operator in "user" replace the User-Name = "anonymous", or it doesn't because files is before sql in the authorize section, and my users are in the MySQL database?... and if I put sql before files, that DEFAULT entry will not be triggered, am I right? Can I just remove UserName from the "authorize_reply_query" SELECT in sql.conf? Note however that the same radius instance is used for non-EAP clients too, those clients authenticate through chillispot and use plain and simple PAP. My platform is: slackware linux 10.1 openssl-0.9.7e freeradius-1.0.2 (I'd update if that's a sollution but this system has several radius instances (ports) in production use) (1) http://www.securew2.com/ -- damjan | дамјан This is my jabber ID --> [EMAIL PROTECTED] <-- not my mail address!!! - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html