Hello, I think my question ist quite related to yours although we do EAP-TTLS, i.e. PAP inside the tunnel.
> I have a question regarding the way accounting is done. I configured > freeradius 1.0.1 with openssl and mysql support on a Fedora Core 3 > system. I'm using it with PEAP and TLS for wireless authentication. > The authentication works fine, but the accounting packets are always > missing the username and the IPs of client and NAS seem to be > interchanged. - as for User-Name, freeradius normally logs the User-Name outside of the tunnel. Use use_tunneled_reply = yes in the relevant portion of eap.conf (thanks to Michael Poser) - IP-Address is a bit more nasty: NAS-IP-Address should indeed indicate the IP Address of your wireless AP and may be used in alternation with NAS-Identifier AFAIK, Client-IP-Address refers to a RADIUS client, i.e. your AP or a RADIUS proxy server The WLAN supplicant's IP-Address never shows up, simply because there is none, at least not at the time of authentication. The entire 802.1x authentication is done on the link layer, i.e. layer 2. In theory, the wireless client could go ahead and talk IPX, DECNET, AppleTalk or whatever protocols are available. In practice, however, the vast majority of WLAN CLients nowadays will use IP and IPv4 in particular -- and of course, you need the assigned IP addresses in your logfile (at least we do). Most sites will hand out these addresses via DHCP after the authentication is done. So I'm going to cook up some simple perl programs to integrate ISC dhcpd's logfiles with those from freeradius' and probably simulate a Framed-IP-Address in the detail file. What' a bit funny: Our Cisco AP _does_ record supplicant's IP addresses internally, you can view them with some IOS command. It would indeed be convenient to make it send the address along with every Accounting STOP-Packet, but as of yet we haven't found a way. Any comments or suggestions on this? Martin -- Dr. Martin Pauly Fax: 49-6421-28-26994 HRZ Univ. Marburg Phone: 49-6421-28-23527 Hans-Meerwein-Str. E-Mail: [EMAIL PROTECTED] D-35032 Marburg - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html