RE: EAP-TTLS and accounting

Wed, 25 Feb 2004 01:33:17 -0800 

Hi Rok,

I must admit I haven't tested this on freeradius yet but I assumed
there would be a way to return the username in the inner request

I am just starting to use the freeradius server as I only noticed
recently that SecureW2 is being used with this server ;)

I guess if the functionality is not there then it would have to be
added. If not then accounting (using anonnymous outer requests) will 
be impossible...

Regards,

Tom Rixom

> -----Original Message-----
> From: Rok Papež [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, February 25, 2004 10:05 AM
> To: [EMAIL PROTECTED]
> Subject: Re: EAP-TTLS and accounting
> 
> 
> Hello Tom! :)
> 
> Tom Rixom wrote:
> 
>  >>-----Original Message-----
>  >>From: Rok Papež [mailto:[EMAIL PROTECTED]
>  >>
>  >>Has anyone managed to solve the problem with anonymous user
>  >>accounting ?
>  >>
>  >>
>  >>I've only found this message:
>  
> >>http://lists.cistron.nl/pipermail/freeradius-users/2003-Sept
ember/023835.html

> Just return the inner username back to the access point with the Access-Accept 
> message and the access point (if it followes standard procedure) will return
> the Accounting request with the correct inner username.

Yes, this method is explaind in this message from Alan (the link above) 
that I've found. The qustion is how to copy User-Name from the inside of 
the tunnel to the outside :).

modules {
        [...]
         eap {
                [...]
                 ttls {
                         use_tunneled_reply = yes
                 }
         }
}

This doesn't work as User-Name already exists in the outer tunnel.

If I add User-Name override to the /etc/raddb/users via DEFAULT entry 
it doesn't do as the inner User-Name attribute is changed. Plus it is 
not appended to every reply. Not even to a challange :P.

> This has been tested on Cisco 1100 and 1200.

With FreeRADIUS ? Could you please send me the relevant configuration ? 
I read the doc dir quite a lot but can't find a solution to this problem.

-- 
best regards,
Rok Papez.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to