You and Julian are, of course, right about both Radiator and SBR. I
was thinking about the problem from a different angle, where the PEAP/
TTLS session was terminating on a foreign system (as is the case with
roaming, commercial service providers or a distributed education
environment).
Thanks setting the record straight. This topic also reminds me of
Benard Aboba's excellent site on related subjects at http://
www.drizzle.com/~aboba/IEEE?
David
On Jun 1, 2006, at 4:18 PM, Michael Griego wrote:
If, in the RADIUS Access-Accept, a User-Name attribute is included,
then, according to the spec, the NAS *must* use that value in any
accounting records. So, if you can get your RADIUS server to
return the User-Name used in the inner exchange as the User-Name in
the final Access-Accept, then the NAS should use that in the
accounting records.
FreeRADIUS does this by way of a "use-tunneled-reply" option in the
PEAP module setup.
--Mike
On Jun 1, 2006, at 5:27 PM, Julian Y. Koh wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
How are people handling accounting records for your 802.1X
wireless networks?
We're in the process of rolling out EAP-PEAP, and everything is
fine in
terms of our RADIUS accounting records from the APs as long as the
users
leave the "Outer Identity" field blank - we end up with their real
usernames
in the accounting records. However, as soon as they fill in
anything for
"Outer Identity" (Mac OS X) or "Roaming Identity" (Intel Wireless
utility),
that text is what ends up in our accounting records. Obviously
this is
suboptimal in terms of relying on our accounting records for true
accounting
of who was where on our network. Is there any way around this?
FWIW, we're using Cisco 1200 APs with a WLSM/WLSE combo, Steel
Belted RADIUS
talking to an Active Directory back end.
Thanks in advance!
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
Comment: <http://bt.ittns.northwestern.edu/julian/pgppubkey.html>
iQA/AwUBRH9ptA5UB5zJHgFjEQKANgCcDrXkDHD7v+CDJmulrxHcTtVWSdsAn0sj
GgvPA4nr9fM5cY5s0cNVuNly
=TiAV
-----END PGP SIGNATURE-----
--
Julian Y. Koh
<mailto:[EMAIL PROTECTED]>
Network Engineer <phone:
847-467-5780>
Telecommunications and Network Services Northwestern
University
PGP Public Key:<http://bt.ittns.northwestern.edu/julian/
pgppubkey.html>
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at http://
www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
