Le mercredi 16 janvier 2008, Arran Cudbard-Bell a écrit : > Thierry CHICH wrote: > > Le mercredi 16 janvier 2008, Alan DeKok a écrit : > >> Thierry CHICH wrote: > >>> I have an access-point, and I want use EAP/TTLS in order to > >>> authenticate people on my LDAP server. The first time, I had then > >>> something like that: > >> > >> ... > >> > >>> in my intel proset, if I am giving a false identity in my roaming > >>> profile with a good identity and a good password, it is working. The > >>> authorization step doesn't work as I want. The most important problem > >>> is that the accounting is using my roaming profile. > >> > >> Yes. The outer identity is often "anonymous", and does not matter for > >> authentication. > >> > >> If you set the User-Name in the Access-Accept, the NAS *should* use > >> that name for accounting, and not the name from the outer identity. > > > > Thanks for your answer. I am happy to see that it is not totally weird. > > > > But what can I do in order to "set the User-Name in the Access-Accept" ? > > > > When I watch the logs, I see the following events > > > > First, all is going well : > > > > rlm_ldap: user GOOD.NAME authenticated succesfully > > modcall[authenticate]: module "ldap" returns ok for request 6 > > modcall: leaving group LDAP (returns ok) for request 6 > > radius_xlat: '[EMAIL PROTECTED] vous allez acceder en INTERNE au > > Rectorat de Clermont-Ferrand' > > TTLS: Got tunneled reply RADIUS code 2 > > Reply-Message = "[EMAIL PROTECTED] vous allez acceder en > > INTERNE au Rectorat de Clermont-Ferrand" > > TTLS: Got tunneled Access-Accept > > rlm_eap: Freeing handler > > modcall[authenticate]: module "eap" returns ok for request 6 > > modcall: leaving group authenticate (returns ok) for request 6 > > > > But after that good beginning, I come back to the FAKE.NAME I have > > written as my outer identity : > > > > radius_xlat: '[EMAIL PROTECTED] vous allez acceder en INTERNE au > > Rectorat de Clermont-Ferrand' > > Sending Access-Accept of id 13 to 172.30.87.66 port 3689 > > Reply-Message = "[EMAIL PROTECTED] vous allez acceder en > > INTERNE au Rectorat de Clermont-Ferrand" > > MS-MPPE-Recv-Key = > > 0x0c447e72b7c080648ded12ab5990dd20dc9832c2b9a78bf1630fa5fcdac41633 > > MS-MPPE-Send-Key = > > 0x1dd7d8cf377ebc9b47b2cddb290b95aa61140f4fe13d69e52f4102426d3c25ae > > EAP-Message = 0x030d0004 > > Message-Authenticator = 0x00000000000000000000000000000000 > > User-Name = "FAKE.NAME" > > > > > > > > > > > > > > > > - > > List info/subscribe/unsubscribe? See > > http://www.freeradius.org/list/users.html > > What version of FR are you running ?
freeradius Version 1.1.3 ??? I can't believe it ! I thank I was using the version 1.1.6 ! Is it possible it change the beahvior if I upgrade ? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
