Re: EAP and Accounting
--On Thursday, February 10, 2011 08:25:13 -0500 David Peterson dav...@wirelessconnections.net wrote:

> I am working with a NAS that only sends accounting packets with the EAP
> style username. Other than matching up
> {am=1}f717cc32fff26ff29ca0baac5833f...@wimax.com with b...@wimax.com
> manually in the database are there other methods for achieving this?

Configure RADIUS to send the inner User-Name b...@wimax.com back in the outer Access-Accept. Your NAS should then use this User-Name when Accounting (if it doesn't, you need to refer to your NAS manufacturer).

Regards,
James

--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk
http://www.jamesjj.net

--
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: EAP and accounting
On Fri, 20-10-2006 at 09:24 -0400, King, Michael wrote:

> Yes. It's possible.
>
> Look in eap.conf
>
> In each EAP section (TTLS and PEAP) this code snippet exists
>
>     # The reply attributes sent to the NAS are
>     # usually based on the name of the user
>     # 'outside' of the tunnel (usually
>     # 'anonymous'). If you want to send the
>     # reply attributes based on the user name
>     # inside of the tunnel, then set this
>     # configuration entry to 'yes', and the reply
>     # to the NAS will be taken from the reply to
>     # the tunneled request.
>     #
>     # allowed values: {no, yes}
>     use_tunneled_reply = no

Hello,

I have this attribute set to yes. With this, the reply my freeradius server sent to the client is based on the user inside the EAP tunnel, but the accounting logs are still registered with username anonymous instead of the username inside the tunneled request.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tel: 968367590
Fax: 968398337
Re: EAP and accounting
Angel L. Mateo [EMAIL PROTECTED] wrote:

> I have this attribute set to yes. With this, the reply my freeradius
> server sent to the client is based on the user inside the EAP tunnel, but
> the accounting logs are still registered with username anonymous instead
> of the username inside the tunneled request.

Because that's the only user name that the NAS sees.

Use the Class attribute to set a per-session ID for the user.

Alan DeKok.

--
http://deployingradius.com - The web site of the book
http://deployingradius.com/blog/ - The blog
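The Class approach works because a NAS is expected to echo the Class value it received in the Access-Accept back in its accounting packets. As an added example (not code from this thread or from FreeRADIUS), the Python below joins accounting records that only carry the outer identity to the inner user by Class; all sample records are constructed, and the existence of a server-side record of each issued Class next to the inner User-Name is an assumption.

```python
import re

# Constructed sample: the server's own record of each Access-Accept, holding the
# inner User-Name and the Class it issued (that such a log exists is an assumption).
ISSUED = """\
Fri Oct 20 11:10:14 2006
\tUser-Name = bob@example.org
\tClass = 0xa1b2c3d4

Fri Oct 20 11:12:40 2006
\tUser-Name = alice@example.org
\tClass = 0xA1B2C3D5
"""

# Constructed sample: accounting records as sent by the NAS (outer identity only).
ACCOUNTING = """\
Fri Oct 20 11:10:20 2006
\tUser-Name = anonymous
\tAcct-Session-Id = 15D003FA
\tClass = 0xa1b2c3d4

Fri Oct 20 11:12:45 2006
\tUser-Name = anonymous
\tAcct-Session-Id = 15D003FB
\tClass = 0xa1b2c3d5

Fri Oct 20 11:13:02 2006
\tUser-Name = anonymous
\tAcct-Session-Id = 15D003FC
"""

def parse_detail(text):
    """Split detail-style text into one dict of attribute -> value per record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines()[1:]:  # first line is the timestamp
            name, sep, value = line.strip().partition(" = ")
            if sep:
                rec[name] = value.strip('"')
        records.append(rec)
    return records

def resolve_users(issued, accounting):
    """Pair each Acct-Session-Id with the inner user whose Class it echoes."""
    by_class = {r["Class"].lower(): r["User-Name"] for r in issued if "Class" in r}
    return [(a.get("Acct-Session-Id"), by_class.get(a.get("Class", "").lower()))
            for a in accounting]

if __name__ == "__main__":
    for sid, user in resolve_users(parse_detail(ISSUED), parse_detail(ACCOUNTING)):
        print(sid, user or "unresolved (NAS sent no known Class)")
```

A session that resolves to no user means the NAS did not return a Class the server issued, which is the case to raise with the NAS vendor.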
Re: EAP and accounting
Hi,

With which AP do you have these values? Because with my dlink DWL-2000+, EAP works but I don't have all this info :(

Franck

> Hello,
>
> I am developing my freeradius server (version 1.1.2) to use it in a WPA
> wireless environment with EAP authentication.
>
> Until this moment (without EAP) the accounting information collected by
> freeradius is in the form:
>
> - detail-MMDD:
>
>     Fri Oct 20 11:07:59 2006
>         User-Name = username@realm
>         NAS-Port = 2161
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Framed-IP-Address = X.X.X.X
>         Class = 0x69636172756d
>         Calling-Station-Id = 172.18.201.166
>         Acct-Status-Type = Start
>         Acct-Session-Id = 15D003FA
>         Tunnel-Client-Endpoint:0 = 172.18.201.166
>         Acct-Authentic = RADIUS
>         Acct-Delay-Time = 0
>         NAS-IP-Address = nas IP address
>         NAS-Port-Type = Virtual
>         Proxy-State = 0x323034
>         Client-IP-Address = client ip address
>         Acct-Unique-Session-Id = e43a1da655ba3ef3
>         Stripped-User-Name = username
>         Realm = realm
>         Timestamp = 1161335279
>
> - auth-detail-MMDD:
>
>     Packet-Type = Access-Request
>     Fri Oct 20 11:10:14 2006
>         User-Name = username@realm
>         User-Password = 190482
>         NAS-Identifier = nas id
>         NAS-IP-Address = nas ip
>         Proxy-State = 0x323433
>         Client-IP-Address = client ip
>
> But with EAP the files have the same form, but username is always
> anonymous, because the real authentication is made through the tunnel
> connection.
>
> I want to know if there is any way to configure radius to log the real
> username instead of anonymous in the log files.
>
> Thanks.
>
> --
> Angel L. Mateo Martínez
> Sección de Telemática
> Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
> http://www.um.es/atica
> Tel: 968367590
> Fax: 968398337

--
http://www.linuxpourtous.com
RE: EAP and accounting
Yes. It's possible.

Look in eap.conf

In each EAP section (TTLS and PEAP) this code snippet exists

    # The reply attributes sent to the NAS are
    # usually based on the name of the user
    # 'outside' of the tunnel (usually
    # 'anonymous'). If you want to send the
    # reply attributes based on the user name
    # inside of the tunnel, then set this
    # configuration entry to 'yes', and the reply
    # to the NAS will be taken from the reply to
    # the tunneled request.
    #
    # allowed values: {no, yes}
    use_tunneled_reply = no

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Angel L. Mateo
Sent: Friday, October 20, 2006 5:12 AM
To: FreeRadius users mailing list
Subject: EAP and accounting

Hello,

I am developing my freeradius server (version 1.1.2) to use it in a WPA wireless environment with EAP authentication.

Until this moment (without EAP) the accounting information collected by freeradius is in the form:

- detail-MMDD:

    Fri Oct 20 11:07:59 2006
        User-Name = username@realm
        NAS-Port = 2161
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Framed-IP-Address = X.X.X.X
        Class = 0x69636172756d
        Calling-Station-Id = 172.18.201.166
        Acct-Status-Type = Start
        Acct-Session-Id = 15D003FA
        Tunnel-Client-Endpoint:0 = 172.18.201.166
        Acct-Authentic = RADIUS
        Acct-Delay-Time = 0
        NAS-IP-Address = nas IP address
        NAS-Port-Type = Virtual
        Proxy-State = 0x323034
        Client-IP-Address = client ip address
        Acct-Unique-Session-Id = e43a1da655ba3ef3
        Stripped-User-Name = username
        Realm = realm
        Timestamp = 1161335279

- auth-detail-MMDD:

    Packet-Type = Access-Request
    Fri Oct 20 11:10:14 2006
        User-Name = username@realm
        User-Password = 190482
        NAS-Identifier = nas id
        NAS-IP-Address = nas ip
        Proxy-State = 0x323433
        Client-IP-Address = client ip

But with EAP the files have the same form, but username is always anonymous, because the real authentication is made through the tunnel connection.

I want to know if there is any way to configure radius to log the real username instead of anonymous in the log files.

Thanks.

--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información y las Comunicaciones Aplicadas (ATICA)
http://www.um.es/atica
Tel: 968367590
Fax: 968398337