Hi
I m trying to use freeradius 2.1.10 and to make authenticate my users
with eap-ttls process and a ldap server for the backend
All is running fine but i can't succeed to have the accounting done with
the inned identity of the ttls tunnel.
the outer identity is anonym...@it-sudparis.eu
the inner identidy is doutrele.
here is my config
in the eap.conf file i have for the ttls section
copy_request_to_tunnel = yes
use_tunneled_reply = yes
virtual_server = "inner-tunnel"
in the inner-tunnel file i have
post-auth {
update outer.reply {
User-Name := "%{Stripped-User-Name}"
}
I can see the Username "updated" in the the following debug log but in
the accounting it s the outer identity that is used.
Does someone know what i can do to make the accounting with the inner
identity
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=0, length=156
User-Name = "anonym...@it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 11Mbps 802.11b"
EAP-Message =
0x021d01616e6f6e796d6f75734069742d73756470617269732e6575
Message-Authenticator = 0xc12e191df8f2ef431f22b16557a03c7b
# Executing section authorize from file /etc/raddb/sites-enabled/default
+- entering group authorize {...}
++[preprocess] returns ok
++- entering policy rewrite_calling_station_id {...}
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
? Evaluating (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++? if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
+++- entering if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
{...}
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 0201
[request] returns ok
+++- if (request:Calling-Station-Id =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns ok
+++ ... skipping else for request 0: Preceding "if" was taken
++- policy rewrite_calling_station_id returns ok
++? if (User-Name =~ /^%{Calling-Station-ID}$/i)
expand: ^%{Calling-Station-ID}$ -> ^0201$
? Evaluating (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
++? if (User-Name =~ /^%{Calling-Station-ID}$/i) -> FALSE
[auth_log] expand:
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d ->
/var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log]
/var/log/radius/radacct/%{Client-IP-Address}/auth-detail-%Y%m%d expands
to /var/log/radius/radacct/157.159.21.152/auth-detail-20110124
[auth_log] expand: %t -> Mon Jan 24 13:32:42 2011
++[auth_log] returns ok
++[chap] returns noop
++[mschap] returns noop
[suffix] Looking up realm "it-sudparis.eu" for User-Name =
"anonym...@it-sudparis.eu"
[suffix] Found realm "it-sudparis.eu"
[suffix] Adding Stripped-User-Name = "anonymous"
[suffix] Adding Realm = "it-sudparis.eu"
[suffix] Authentication realm is LOCAL.
++[suffix] returns ok
[eap] EAP packet type response id 0 length 29
[eap] No EAP Start, assuming it's an on-going EAP conversation
++[eap] returns updated
[files] users: Matched entry DEFAULT at line 8
[files] users: Matched entry DEFAULT at line 14
++[files] returns ok
++? if (NAS-Identifier == "Chillispot" )
(Attribute NAS-Identifier was not found)
? Evaluating (NAS-Identifier == "Chillispot" ) -> FALSE
++? if (NAS-Identifier == "Chillispot" ) -> FALSE
++[expiration] returns noop
++[logintime] returns noop
[pap] WARNING! No "known good" password found for the user.
Authentication may fail because of this.
++[pap] returns noop
Found Auth-Type = EAP
# Executing group from file /etc/raddb/sites-enabled/default
+- entering group authenticate {...}
[eap] EAP Identity
[eap] processing type tls
[tls] Initiate
[tls] Start returned 1
++[eap] returns handled
Sending Access-Challenge of id 0 to 157.159.21.152 port 38145
Tunnel-Type:0 := VLAN
Tunnel-Medium-Type:0 := IEEE-802
Tunnel-Private-Group-Id:1 = "invites"
EAP-Message = 0x010100061920
Message-Authenticator = 0x
State = 0xedc31135edc208ab4c1716af0bfa702b
Finished request 0.
Going to the next request
Waking up in 4.9 seconds.
rad_recv: Access-Request packet from host 157.159.21.152 port 38145,
id=1, length=151
User-Name = "anonym...@it-sudparis.eu"
NAS-IP-Address = 127.0.0.1
Calling-Station-Id = "02-00-00-00-00-01"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT