Alan and alexander thanks for your answer.
I will investigate furthermore about the respect of the RFC2865 from my NAS
Le 24/01/2011 14:21, Alexander Clouter a écrit :
Eric Doutreleau<eric.doutrel...@it-sudparis.eu> wrote:
I m trying to use freeradius 2.1.10 and to make authenticate my users
with eap-ttls process and a ldap server for the backend
All is running fine but i can't succeed to have the accounting done with
the inned identity of the ttls tunnel.
It all looks fine at your end, as you pass the 'new' User-Name in the
Access-Accept back to your NAS. RFC2865 says your NAS *should* then
mark the Accounting packets appropriately with the new User-Name, this is
*not* a must though and optional
http://tools.ietf.org/html/rfc2865#section-5.1
I can see the Username "updated" in the the following debug log but in
the accounting it s the outer identity that is used.
Does someone know what i can do to make the accounting with the inner
identity
[snipped: freeradius -X]
Your debug does not show *any* accounting traffic being sent to
FreeRADIUS (none that I could see) after your Access-Accept. If your
NAS does not send the new User-Name attribute in the Accounting Request,
then I recommend you wave the RFC2865 link I gave above at your vendor.
Cheers
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
