subject:"RE\: EAP and accounting"

Re: EAP and Accounting

2011-02-11 Thread James J J Hooper




--On Thursday, February 10, 2011 08:25:13 -0500 David Peterson 
dav...@wirelessconnections.net wrote:



I am working with a NAS that only sends accounting packets with the EAP
style username.  Other than matching up
=7Bam=3D1=7df717cc32fff26ff29ca0baac5833f...@wimax.com with
b...@wimax.com manually in the database are there other methods for
achieving this?


Configure RADIUS to send the inner User-Name b...@wimax.com back in the 
outer Access-Accept. Your NAS should then use this User-Name when 
Accounting (if it doesn't, you need to refer to your NAS manufacturer).


Regards,
James


--
James J J Hooper
Network Specialist, University of Bristol
http://www.wireless.bristol.ac.uk   http://www.jamesjj.net
--


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP and accounting

2006-10-30 Thread Angel L. Mateo

El vie, 20-10-2006 a las 09:24 -0400, King, Michael escribió:
 Yes.  It's possible.
 
 Look in eap.conf  In each EAP section (TTLS and PEAP) this code snippet exists
 
 #  The reply attributes sent to the NAS are
 #  usually based on the name of the user
 #  'outside' of the tunnel (usually
 #  'anonymous').  If you want to send the
 #  reply attributes based on the user name
 #  inside of the tunnel, then set this
 #  configuration entry to 'yes', and the reply
 #  to the NAS will be taken from the reply to
 #  the tunneled request.
 #
 # allowed values: {no, yes}
 use_tunneled_reply = no 
 
Hello,

I have this attribute set to yes. With this, the reply my freeradius
server sent to the client is based in the user inside the EAP tunnel,
but the accounting logs are still registered with username anonymous
instead the username inside the tunneled request.

-- 
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968398337


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP and accounting

2006-10-30 Thread Alan DeKok

Angel L. Mateo [EMAIL PROTECTED] wrote:
   I have this attribute set to yes. With this, the reply my freeradius
 server sent to the client is based in the user inside the EAP tunnel,
 but the accounting logs are still registered with username anonymous
 instead the username inside the tunneled request.

  Because that's the only user name that the NAS sees.

  Use the Class attribute to set a per-session ID for the user.

  Alan DeKok.
--
  http://deployingradius.com   - The web site of the book
  http://deployingradius.com/blog/ - The blog
- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP and accounting

2006-10-20 Thread Franck

Hi,

with which AP has you this values. Because with my dlink DWL-2000+, EAP
work but i'm not all this infos :(

Franck

 Hello,

   I am developing my freeradius server (version 1.1.2) to use it in a WPA
 wireless environment with EAP authentication.

   Until this moment (without EAP) the accounting information collected by
 freeradius is in the form:

 - detail-MMDD:

 Fri Oct 20 11:07:59 2006
 User-Name = username@realm
 NAS-Port = 2161
 Service-Type = Framed-User
 Framed-Protocol = PPP
 Framed-IP-Address = X.X.X.X
 Class = 0x69636172756d
 Calling-Station-Id = 172.18.201.166
 Acct-Status-Type = Start
 Acct-Session-Id = 15D003FA
 Tunnel-Client-Endpoint:0 = 172.18.201.166
 Acct-Authentic = RADIUS
 Acct-Delay-Time = 0
 NAS-IP-Address = nas IP address
 NAS-Port-Type = Virtual
 Proxy-State = 0x323034
 Client-IP-Address = client ip address
 Acct-Unique-Session-Id = e43a1da655ba3ef3
 Stripped-User-Name = username
 Realm = realm
 Timestamp = 1161335279

 - auth-detail-MMDD:

 Packet-Type = Access-Request
 Fri Oct 20 11:10:14 2006
 User-Name = username@realm
 User-Password = 190482
 NAS-Identifier = nas id
 NAS-IP-Address = nas ip
 Proxy-State = 0x323433
 Client-IP-Address = client ip

   But with EAP the files has the same form, but username is always
 anonymous, because the real authentication is made through the tunnel
 connection.

   I want to know if there is any way to configure radius to log the real
 username instead of anonymous in the log files.

   Thanks.


 --
 Angel L. Mateo Martínez
 Sección de Telemática
 Área de Tecnologías de la Información   _o)
 y las Comunicaciones Aplicadas (ATICA)  / \\
 http://www.um.es/atica_(___V
 Tfo: 968367590
 Fax: 968398337


 -
 List info/subscribe/unsubscribe? See
 http://www.freeradius.org/list/users.html



-- 
http://www.linuxpourtous.com

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

RE: EAP and accounting

2006-10-20 Thread King, Michael

Yes.  It's possible.

Look in eap.conf  In each EAP section (TTLS and PEAP) this code snippet exists

#  The reply attributes sent to the NAS are
#  usually based on the name of the user
#  'outside' of the tunnel (usually
#  'anonymous').  If you want to send the
#  reply attributes based on the user name
#  inside of the tunnel, then set this
#  configuration entry to 'yes', and the reply
#  to the NAS will be taken from the reply to
#  the tunneled request.
#
# allowed values: {no, yes}
use_tunneled_reply = no 

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Angel L. Mateo
Sent: Friday, October 20, 2006 5:12 AM
To: FreeRadius users mailing list
Subject: EAP and accounting

Hello,

I am developing my freeradius server (version 1.1.2) to use it in a WPA 
wireless environment with EAP authentication.

Until this moment (without EAP) the accounting information collected by 
freeradius is in the form:

- detail-MMDD:

Fri Oct 20 11:07:59 2006
User-Name = username@realm
NAS-Port = 2161
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = X.X.X.X
Class = 0x69636172756d
Calling-Station-Id = 172.18.201.166
Acct-Status-Type = Start
Acct-Session-Id = 15D003FA
Tunnel-Client-Endpoint:0 = 172.18.201.166
Acct-Authentic = RADIUS
Acct-Delay-Time = 0
NAS-IP-Address = nas IP address
NAS-Port-Type = Virtual
Proxy-State = 0x323034
Client-IP-Address = client ip address
Acct-Unique-Session-Id = e43a1da655ba3ef3
Stripped-User-Name = username
Realm = realm
Timestamp = 1161335279

- auth-detail-MMDD:

Packet-Type = Access-Request
Fri Oct 20 11:10:14 2006
User-Name = username@realm
User-Password = 190482
NAS-Identifier = nas id
NAS-IP-Address = nas ip
Proxy-State = 0x323433
Client-IP-Address = client ip

But with EAP the files has the same form, but username is always 
anonymous, because the real authentication is made through the tunnel 
connection.

I want to know if there is any way to configure radius to log the real 
username instead of anonymous in the log files.

Thanks.


--
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información   _o)
y las Comunicaciones Aplicadas (ATICA)  / \\
http://www.um.es/atica_(___V
Tfo: 968367590
Fax: 968398337


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Re: EAP and Accounting

RE: EAP and accounting

Re: EAP and accounting

Re: EAP and accounting

RE: EAP and accounting

5 matches

Site Navigation

Mail list logo

Footer information