Hi, thanks for the reply. I do have 'use_tunneled_reply = yes' in eap.conf, but I am still seeing the outer identity showing up when I use radwho.
I have run radiusd -A -x and have appended the Access-Accept section to this email. The first line of the log shows the inner identity (my login, cwbshaw) successfully authenticating (via LDAP).

I'd be grateful for any help you can offer.

TIA

Chris.

rlm_ldap: user cwbshaw authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 7 to 10.11.2.91:1645
        Tunnel-Private-Group-Id:1 = "90"
        Tunnel-Medium-Type:1 = IEEE-802
        Tunnel-Type:1 = VLAN
        Session-Timeout = 900
        MS-MPPE-Recv-Key = 0xcbc7be67c93e3a3452f943380ee4e2c053fdf02f874781ecfbacf6788fed419d
        MS-MPPE-Send-Key = 0xfd4d541226142098174d3a748263b2790e59dec67e76fdcc16654357a73e084c
        EAP-Message = 0x03080004
        Message-Authenticator = 0x00000000000000000000000000000000
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
        Acct-Session-Id = "00002149"
        Called-Station-Id = "0011.5cc7.1be0"
        Calling-Station-Id = "0090.4b28.86b0"
        Cisco-AVPair = "ssid=ittwlan"
        Cisco-AVPair = "vlan-id=90"
        Cisco-AVPair = "nas-location=unspecified"
        User-Name = "anonymous"
        Cisco-AVPair = "connect-progress=Call Up"
        Acct-Authentic = RADIUS
        Acct-Status-Type = Start
        NAS-Port-Type = Wireless-802.11
        Cisco-NAS-Port = "6965"
        NAS-Port = 6965
        Service-Type = Framed-User
        NAS-IP-Address = 10.11.2.91
        Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Accounting-Response of id 89 to 10.11.2.91:1646

On 02/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Chris Bradshaw wrote:
> > I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
> > authentication backend for our wireless network.
>
>   You really should upgrade, but that's another story.
>
> > I have noticed that if I run radwho, I seem to only see the name of
> > the user from the 'outside' of the tunnel (in this case
> > 'anonymous')....as a result it's not possible to tell who is connected
> > at any one time.
>
>   The NAS is responsible for sending the "anonymous" user name. If you
> want the NAS to send something different, you have to send the inner
> tunnel user name back in the Access-Accept.
>
>   See "use_tunneled_reply" in the configuration for the EAP module.
>
> > Also I have noticed that the fields tend to get truncated:
> >
> > Login      Name       What   TTY   When       From       Location
> > anonymous  anonymous  shell  >999  Tue 16:00  10.10.2.9
> >
> > The IP address above should be 10.10.2.96.
>
>   Change the format of the "printf" command in radwho.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
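
Added example, not part of the original messages: a small Python parser for radiusd debug output like the log above, reporting the inner (LDAP-authenticated) identity and the User-Name carried in the tunneled reply, the Access-Accept and the Accounting-Request. The sample log is abridged from the output quoted in this thread; the function names are hypothetical and the line formats are assumed to match this output.

```python
import re
# Abridged from the radiusd debug output quoted in this thread.
SAMPLE_LOG = """\
rlm_ldap: user cwbshaw authenticated succesfully
TTLS: Got tunneled reply RADIUS code 2
        Tunnel-Private-Group-Id:1 = "90"
        Session-Timeout = 900
Sending Access-Accept of id 7 to 10.11.2.91:1645
        Session-Timeout = 900
        User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
        User-Name = "anonymous"
        Acct-Status-Type = Start
"""

# Packet-dump headers as they appear in this debug output (assumed format).
KINDS = {
    "TTLS: Got tunneled reply": "tunneled_reply",
    "Sending Access-Accept": "access_accept",
    "rad_recv: Accounting-Request": "accounting_request",
}
HEADER = re.compile("^(" + "|".join(map(re.escape, KINDS)) + ")")
ATTR = re.compile(r'^\s+([\w-]+(?::\d+)?)\s*=\s*"?([^"]*)"?\s*$')
INNER_OK = re.compile(r"^rlm_ldap: user (\S+) authenticated")

def parse_debug(log):
    """Return (inner_identity, [(kind, {attribute: value}), ...])."""
    inner, packets, current = None, [], None
    for line in log.splitlines():
        header, attr = HEADER.match(line), ATTR.match(line)
        if INNER_OK.match(line):
            inner = INNER_OK.match(line).group(1)
        if header:
            current = {}
            packets.append((KINDS[header.group(1)], current))
        elif attr and current is not None:
            current[attr.group(1)] = attr.group(2)
        elif not attr:
            current = None  # an unindented non-header line ends the dump
    return inner, packets

def identity_report(log):
    """Inner identity plus the User-Name (or None) seen in each packet dump."""
    inner, packets = parse_debug(log)
    return inner, [(kind, attrs.get("User-Name")) for kind, attrs in packets]

def accounting_hides_user(log):
    """True if any Accounting-Request names someone other than the inner user."""
    inner, seen = identity_report(log)
    return any(k == "accounting_request" and n != inner for k, n in seen)
```

On the sample, the tunneled reply contains no User-Name at all, and both the Access-Accept and the Accounting-Request carry the outer name "anonymous" rather than cwbshaw.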