Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
James T. Mugauri wrote:
> I have managed to auth a Greenpacket WiMAX MS via an eap ttls tunnel.
> Thanks to Alan's direction earlier, I can also send the service flow
> definitions correctly.

That's good.

> I have now found that subsequent db writes (and logging) associated with
> accounting and postauth functions are the encrypted values (available in
> the tunnel?). Is there a way to ensure that the plaintext values are used
> with all subsequent logging actions?

Use a DB.

On Access-Accept, store the unencrypted User-Name in the DB, along with a Class attribute. When you receive an accounting packet, look up the Class attribute to find the unencrypted User-Name.

That's pretty much the only way with WiMAX.

Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
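The approach described in the reply above, as an added example (not code from the thread or from FreeRADIUS): a SQLite table maps a random Class value issued at Access-Accept to the tunnelled User-Name, and the accounting handler looks that value up. The table, the function names and the sample values are assumptions made for illustration.

```python
import secrets
import sqlite3

# Hypothetical table: maps the opaque Class value sent in Access-Accept
# to the User-Name seen inside the TTLS tunnel.
SCHEMA = """CREATE TABLE IF NOT EXISTS class_map (
    class     TEXT PRIMARY KEY,
    username  TEXT NOT NULL,
    created   TEXT NOT NULL DEFAULT CURRENT_TIMESTAMP)"""


def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute(SCHEMA)
    return db


def on_access_accept(db, inner_user_name):
    """Store the tunnelled User-Name; return the Class to put in the reply."""
    # Random token: Class is sent outside the tunnel, so it must not
    # embed or be derivable from the real identity.
    class_value = secrets.token_hex(16)
    db.execute("INSERT INTO class_map (class, username) VALUES (?, ?)",
               (class_value, inner_user_name))
    db.commit()
    return class_value


def on_accounting(db, acct_packet):
    """Return (User-Name to log, resolved?) for an accounting packet dict."""
    row = db.execute("SELECT username FROM class_map WHERE class = ?",
                     (acct_packet.get("Class", ""),)).fetchone()
    if row is None:
        # Missing or unknown Class: keep what the NAS sent and flag it,
        # so unresolved records can be found and reviewed later.
        return acct_packet.get("User-Name"), False
    return row[0], True


if __name__ == "__main__":
    db = open_db()
    # Constructed sample values, not taken from the thread.
    cls = on_access_accept(db, "subscriber@example.org")
    start = {"Acct-Status-Type": "Start", "Class": cls,
             "User-Name": "pseudo-0a1b2c@example.org"}
    print(on_accounting(db, start))
```
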
Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org wrote:
> On Access-Accept, store the unencrypted User-Name in the DB, along with a
> Class attribute. When you receive an accounting packet, look up the Class
> attribute to find the unencrypted User-Name.

Thanks

I notice when running in debug mode, I have:

[ttls] Got tunneled request
        User-Name = testairs...@iconnect.zm
        User-Password = airspan
        FreeRADIUS-Proxied-To = 127.0.0.1
[ttls] Sending tunneled request
        User-Name = testairs...@iconnect.zm
        User-Password = airspan
        FreeRADIUS-Proxied-To = 127.0.0.1
        Calling-Station-Id = 00-1f-fb-20-7b-0e
        Service-Type = Framed-User
        NAS-Port-Type = Wireless-802.16
        WiMAX-Release = 1.0
... ... ...
[sql] expand: %{User-Name} - testairs...@iconnect.zm
[sql] sql_set_user escaped user -- 'testairs...@iconnect.zm'

The user is then correctly authenticated and receives the relevant parameters

What attribute contains the unencrypted username, and at which stage of the inner-tunnel session can I retrieve it?

> That's pretty much the only way with WiMAX.
> Alan DeKok
Re: Unencrypted username in radacct/radpostauth for ttls tunnel authenticated user
James T. Mugauri wrote:
> On 10/26/2011 02:49 PM, freeradius-users-requ...@lists.freeradius.org wrote:
>> On Access-Accept, store the unencrypted User-Name in the DB, along with a
>> Class attribute. When you receive an accounting packet, look up the Class
>> attribute to find the unencrypted User-Name.
>
> Thanks

I don't see why.

> I notice when running in debug mode, I have:
>
> [ttls] Got tunneled request
>         User-Name = testairs...@iconnect.zm

Which is an unencrypted User-Name.

> What attribute contains the unencrypted username, and at which stage of
> the inner-tunnel session can I retrieve it?

(a) read my response
(b) read the debug output.

I fail to understand why this is difficult. I answered your question. The debug log answers your question. And you're still asking questions.

Maybe you're looking for an answer to a question you didn't ask. But unless I'm completely incompetent at reading English, I answered your question.

Alan DeKok.