Re: radwho question....

2007-10-04 Thread Chris Bradshaw
Hi

Thanx for your help. It's working now.

I did have the files module commented out in the authorize
section. Apologies.

Thanx again.

Chris.


On 04/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Chris Bradshaw wrote:
> > OK, I tried using a User-Name of Bob as suggested,
>
>   Maybe.
>
>   The debug log you posted is either NOT the full debug log (-X).  OR,
> you have deleted all references to the "files" module from radiusd.conf.
>
>   If you tell the server to NOT look at the "users" file, then do NOT be
> surprised when it doesn't look at the "users" file.
>
>   I am just astonished at how much effort people put into breaking the
> configuration, and then doing even *more* work trying to fix it again.
> If you've put huge efforts into destroying the default configuration,
> then most of the suggestions here WILL NOT WORK, because they presume
> you haven't butchered the configuration to make it useless.
>
>   Start off with the default configuration.  Add the LDAP config, and
> EAP configuration for certificates.  MAKE SURE IT USES THE "users" file.
>
>   THEN try my suggestion.  Odds are that it will work.
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>


Re: radwho question....

2007-10-04 Thread Alan DeKok
Chris Bradshaw wrote:
> OK, I tried using a User-Name of Bob as suggested,

  Maybe.

  The debug log you posted is either NOT the full debug log (-X).  OR,
you have deleted all references to the "files" module from radiusd.conf.

  If you tell the server to NOT look at the "users" file, then do NOT be
surprised when it doesn't look at the "users" file.

  I am just astonished at how much effort people put into breaking the
configuration, and then doing even *more* work trying to fix it again.
If you've put huge efforts into destroying the default configuration,
then most of the suggestions here WILL NOT WORK, because they presume
you haven't butchered the configuration to make it useless.

  Start off with the default configuration.  Add the LDAP config, and
EAP configuration for certificates.  MAKE SURE IT USES THE "users" file.

  THEN try my suggestion.  Odds are that it will work.

  Alan DeKok.


Re: radwho question....

2007-10-04 Thread Chris Bradshaw
Hi

OK, I tried using a User-Name of Bob as suggested, but still no joy.
I have attached a complete log of everything from the moment I click
OK on my Windoze laptop until the laptop says it has authenticated
successfully.

Thanx in advance for any help.

Chris.

rad_recv: Access-Request packet from host 10.11.2.97:1645, id=15, length=147
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0019.a90e.f490"
Calling-Station-Id = "0090.4b28.86b0"
Service-Type = Login-User
Message-Authenticator = 0x6c0296cf0997502a20b91d0ab5c7d475
EAP-Message = 0x0202000e01616e6f6e796d6f7573
NAS-Port-Type = Wireless-802.11
NAS-Port = 262
NAS-Port-Id = "262"
NAS-IP-Address = 10.11.2.97
NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 15 to 10.11.2.97 port 1645
EAP-Message = 0x010300061920
Message-Authenticator = 0x
State = 0x6d038dc21b4b7ccc8be83157ba7f8d5d
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=16, length=157
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0019.a90e.f490"
Calling-Station-Id = "0090.4b28.86b0"
Service-Type = Login-User
Message-Authenticator = 0xd9d6ade7b49bf14e276219d11e1ee016
EAP-Message = 0x020300060315
NAS-Port-Type = Wireless-802.11
NAS-Port = 262
NAS-Port-Id = "262"
State = 0x6d038dc21b4b7ccc8be83157ba7f8d5d
NAS-IP-Address = 10.11.2.97
NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 16 to 10.11.2.97 port 1645
EAP-Message = 0x010400061520
Message-Authenticator = 0x
State = 0x3fb35d32290c24764e9db533206bc16a
rad_recv: Access-Request packet from host 10.11.2.97:1645, id=17, length=243
User-Name = "anonymous"
Framed-MTU = 1400
Called-Station-Id = "0019.a90e.f490"
Calling-Station-Id = "0090.4b28.86b0"
Service-Type = Login-User
Message-Authenticator = 0x933c7e115f5fde84cf641744c34d90b0
EAP-Message =
0x0204005c15800052160301004d0149030197874f93537273cc884c9764aade2de3d77fc2b7cb525ef666b7c6f2e654e0c320e7dfeb3f9185ff7a30f69ffdb50509b95586c30a3edef6c771e5ba95508d9b620002000a0100
NAS-Port-Type = Wireless-802.11
NAS-Port = 262
NAS-Port-Id = "262"
State = 0x3fb35d32290c24764e9db533206bc16a
NAS-IP-Address = 10.11.2.97
NAS-Identifier = "d106-ap1240-1"
rlm_ldap: - authorize
rlm_ldap: performing user authorization for anonymous
radius_xlat: Running registered xlat function of module mschap for
string 'User-Name'
rlm_ldap: ldap_get_conn: Checking Id: 0
rlm_ldap: ldap_get_conn: Got Id: 0
rlm_ldap: object not found or got ambiguous search result
rlm_ldap: search failed
rlm_ldap: ldap_release_conn: Release Id: 0
Sending Access-Challenge of id 17 to 10.11.2.97 port 1645

Re: radwho question....

2007-10-04 Thread Alan DeKok
Chris Bradshaw wrote:
> The debug output was pretty much the same as my first email. I have
> attached it below anyway. This debug output was taken with freeradius
> 1.1.7 and the following configured:
> 
> * Enabled use_tunneled_reply & copy_request_to_tunnel.
> 
> * Have the following in the users file:
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
>    User-Name := `%{User-Name}`

  You still have it sending "anonymous" in the Access-Accept.  Fix that.
 Stop doing anything else until it sends the real user name.

> Am I correct in saying that the NAS will send an Accounting-Request
> using the User-Name it received in the previous Access-Accept?

  Yes.

> If so, how can it be the fault of the NAS if freeradius (in spite of
> trying the settings above) is still sending an Access-Accept with
> User-Name set to anonymous?

  It's not.  You're not configuring FreeRADIUS properly.

  Put this at the TOP of the "users" file:

# test
DEFAULT
        User-Name := "bob"
# end of test

  verify that the final Access-Accept contains the user name "bob", and
the accounting request contains the user name "bob".

  Then, delete that entry, and READ THE DEBUG LOG to see why the other
entry you have isn't being used.

  Alan DeKok.
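
Added example (not part of the original thread, and not FreeRADIUS code): a Python check that applies the two verification steps above to a debug log from a single-client test login, reporting whether the server or the NAS is where the real user name gets lost. It assumes the line shapes quoted in this thread, with the inner identity taken from the rlm_ldap line; the sample log, user name, addresses and key value are constructed.

```python
import re

# Line shapes follow the debug output quoted in this thread (assumption).
INNER = re.compile(r"^rlm_ldap: user (\S+) authenticated")
HEADER = re.compile(r"^(?:Sending|rad_recv:) (Access-Accept|Accounting-Request)\b")
ATTR = re.compile(r"^\s*([A-Za-z][\w-]*(?::\d+)?)\s*=\s*(.*)$")
# Mail clients wrap long lines, leaving a bare hex value or "length=NNN" alone.
WRAPPED = re.compile(r"^\s*(?:0x[0-9a-fA-F]*|length=\d+)\s*$")

def parse_events(log_text):
    """Return ("inner", name) and ("packet", {...}) events in log order."""
    events, packet = [], None
    for line in log_text.splitlines():
        inner, header = INNER.match(line), HEADER.match(line)
        if inner:
            packet = None
            events.append(("inner", inner.group(1)))
        elif header:
            packet = {"type": header.group(1), "User-Name": None}
            events.append(("packet", packet))
        elif packet is not None and not WRAPPED.match(line):
            attr = ATTR.match(line)
            if attr is None:
                packet = None  # any non-attribute line ends the packet dump
            elif attr.group(1) == "User-Name":
                packet["User-Name"] = attr.group(2).strip().strip('"')
    return events

def diagnose(log_text):
    """Apply the two checks from the thread to a single-client test capture."""
    sessions, inner, current = [], None, None
    for kind, value in parse_events(log_text):
        if kind == "inner":
            inner = value
        elif value["type"] == "Access-Accept":
            current = {"inner": inner, "accept": value, "acct": None}
            sessions.append(current)
            inner = None  # do not carry an identity into the next login
        elif current is not None and current["acct"] is None:
            current["acct"] = value  # first Accounting-Request after the accept
    results = []
    for s in sessions:
        accept_user = s["accept"]["User-Name"]
        acct_user = s["acct"]["User-Name"] if s["acct"] else None
        if s["inner"] is None:
            verdict = "no-inner-auth-seen"
        elif accept_user != s["inner"]:
            verdict = "server"  # check 1: Access-Accept lacks the real user name
        elif s["acct"] is None:
            verdict = "no-accounting-seen"
        elif acct_user != accept_user:
            verdict = "nas"  # check 2: NAS ignored the User-Name it was sent
        else:
            verdict = "ok"
        results.append({"inner": s["inner"], "accept": accept_user,
                        "acct": acct_user, "verdict": verdict})
    return results

# Constructed sample (not a real capture): names, addresses and key invented.
SAMPLE_LOG = """\
rlm_ldap: user alice authenticated succesfully
  TTLS: Got tunneled reply RADIUS code 2
Sending Access-Accept of id 7 to 192.0.2.10 port 1645
MS-MPPE-Recv-Key =
0x00112233445566778899aabbccddeeff
User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 192.0.2.10:1646, id=89,
length=229
Acct-Session-Id = "2149"
User-Name = "anonymous"
"""

if __name__ == "__main__":
    for row in diagnose(SAMPLE_LOG):
        print(row)
```

A "server" verdict means accounting records cannot be attributed to a real user until the Access-Accept is fixed; on a busy server the sequential pairing used here would need correlation by NAS and session instead.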


Re: radwho question....

2007-10-03 Thread tnt
The fact that you have added that entry to the users file doesn't mean
that it will get matched and processed. You haven't posted the whole
debug so it's hard to be sure, but my guess is that this is the problem
(from users file):

#   When an authentication request is received from the comm server,
#   these values are tested. Only the first match is used unless the
#   "Fall-Through" variable is set to "Yes".
#
#   A special user named "DEFAULT" matches on all usernames.
#   You can have several DEFAULT entries. All entries are processed
#   in the order they appear in this file. The first entry that
#   matches the login-request will stop processing unless you use
#   the Fall-Through variable.
#

Ivan Kalik
Kalik Informatika ISP


On 3/10/2007, "Chris Bradshaw" <[EMAIL PROTECTED]> wrote:

>Hi
>
>The debug output was pretty much the same as my first email. I have
>attached it below anyway. This debug output was taken with freeradius
>1.1.7 and the following configured:
>
>* Enabled use_tunneled_reply & copy_request_to_tunnel.
>
>* Have the following in the users file:
>DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
>   User-Name := `%{User-Name}`
>
>Am I correct in saying that the NAS will send an Accounting-Request
>using the User-Name it received in the previous Access-Accept?
>
>If so, how can it be the fault of the NAS if freeradius (in spite of
>trying the settings above) is still sending an Access-Accept with
>User-Name set to anonymous?
>
>TIA
>
>Chris.
>
>
>rlm_ldap: user t00037191 authenticated succesfully
>rlm_sql (sql): Processing sql_postauth
>rlm_sql (sql): Reserving sql socket id: 4
>rlm_sql (sql): Released sql socket id: 4
>  TTLS: Got tunneled reply RADIUS code 2
>Tunnel-Private-Group-Id:1 = "90"
>Tunnel-Medium-Type:1 = IEEE-802
>Tunnel-Type:1 = VLAN
>Session-Timeout = 900
>rlm_sql (sql): Processing sql_postauth
>rlm_sql (sql): Reserving sql socket id: 3
>rlm_sql (sql): Released sql socket id: 3
>Sending Access-Accept of id 58 to 10.11.2.91 port 1645
>Tunnel-Private-Group-Id:1 = "90"
>Tunnel-Medium-Type:1 = IEEE-802
>Tunnel-Type:1 = VLAN
>Session-Timeout = 900
>MS-MPPE-Recv-Key =
>0x916f89b88b0096fa19178e281a02f35c1291005c5942e5a2c5e1257e45d0e658
>MS-MPPE-Send-Key =
>0x63d4685ca902be7473bcf3d62d730a77c5fe4648aab0834fac5f41178a424a7d
>EAP-Message = 0x03080004
>Message-Authenticator = 0x
>User-Name = "anonymous"
>rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=143,
>length=229
>Acct-Session-Id = "2246"
>Called-Station-Id = "0011.5cc7.1be0"
>Calling-Station-Id = "0090.4b28.86b0"
>Cisco-AVPair = "ssid=ittwlan"
>Cisco-AVPair = "vlan-id=90"
>Cisco-AVPair = "nas-location=unspecified"
>User-Name = "anonymous"
>Cisco-AVPair = "connect-progress=Call Up"
>Acct-Authentic = RADIUS
>Acct-Status-Type = Start
>NAS-Port-Type = Wireless-802.11
>Cisco-NAS-Port = "7190"
>NAS-Port = 7190
>Service-Type = Framed-User
>NAS-IP-Address = 10.11.2.91
>Acct-Delay-Time = 0
>rlm_sql (sql): Reserving sql socket id: 2
>rlm_sql (sql): Released sql socket id: 2
>
>
>
>On 03/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
>> Chris Bradshaw wrote:
>> > However, I have tried the suggestions in this reply:
>> >
>> > * Enable use_tunneled_reply & copy_request_to_tunnel (I already had
>> > these enabled).
>> >
>> > * Have the following in the users file:
>> > DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
>> > User-Name := `%{User-Name}`
>>
>>   And... what do you see in the Access-Accept when you run in debugging
>> mode?
>>
>> > but it still makes no difference. radwho still returns
>> > 'anonymous' whenever I log in.
>>
>>   Stop looking at radwho.  Its output is WAY down the chain of cause
>> and effect.
>>
>>   1) ensure that the real user name is in the Access-Accept.
>>  If not, make it appear there.
>>   2) ensure that the accounting request contains the real user name
>>  If it contains "anonymous", buy a real NAS.  Your NAS is broken.
>>
>>   After that, radwho *should* do the right thing.
>>
>>   Alan DeKok.


Re: radwho question....

2007-10-03 Thread Chris Bradshaw
Hi

The debug output was pretty much the same as my first email. I have
attached it below anyway. This debug output was taken with freeradius
1.1.7 and the following configured:

* Enabled use_tunneled_reply & copy_request_to_tunnel.

* Have the following in the users file:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
   User-Name := `%{User-Name}`

Am I correct in saying that the NAS will send an Accounting-Request
using the User-Name it received in the previous Access-Accept?

If so, how can it be the fault of the NAS if freeradius (in spite of
trying the settings above) is still sending an Access-Accept with
User-Name set to anonymous?

TIA

Chris.


rlm_ldap: user t00037191 authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
  TTLS: Got tunneled reply RADIUS code 2
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 58 to 10.11.2.91 port 1645
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
MS-MPPE-Recv-Key =
0x916f89b88b0096fa19178e281a02f35c1291005c5942e5a2c5e1257e45d0e658
MS-MPPE-Send-Key =
0x63d4685ca902be7473bcf3d62d730a77c5fe4648aab0834fac5f41178a424a7d
EAP-Message = 0x03080004
Message-Authenticator = 0x
User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=143,
length=229
Acct-Session-Id = "2246"
Called-Station-Id = "0011.5cc7.1be0"
Calling-Station-Id = "0090.4b28.86b0"
Cisco-AVPair = "ssid=ittwlan"
Cisco-AVPair = "vlan-id=90"
Cisco-AVPair = "nas-location=unspecified"
User-Name = "anonymous"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "7190"
NAS-Port = 7190
Service-Type = Framed-User
NAS-IP-Address = 10.11.2.91
Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2



On 03/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Chris Bradshaw wrote:
> > However, I have tried the suggestions in this reply:
> >
> > * Enable use_tunneled_reply & copy_request_to_tunnel (I already had
> > these enabled).
> >
> > * Have the following in the users file:
> > DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
> > User-Name := `%{User-Name}`
>
>   And... what do you see in the Access-Accept when you run in debugging
> mode?
>
> > but it still makes no difference. radwho still returns
> > 'anonymous' whenever I log in.
>
>   Stop looking at radwho.  Its output is WAY down the chain of cause
> and effect.
>
>   1) ensure that the real user name is in the Access-Accept.
>  If not, make it appear there.
>   2) ensure that the accounting request contains the real user name
>  If it contains "anonymous", buy a real NAS.  Your NAS is broken.
>
>   After that, radwho *should* do the right thing.
>
>   Alan DeKok.


Re: radwho question....

2007-10-03 Thread Alan DeKok
Chris Bradshaw wrote:
> However, I have tried the suggestions in this reply:
> 
> * Enable use_tunneled_reply & copy_request_to_tunnel (I already had
> these enabled).
> 
> * Have the following in the users file:
> DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
> User-Name := `%{User-Name}`

  And... what do you see in the Access-Accept when you run in debugging
mode?

> but it still makes no difference. radwho still returns
> 'anonymous' whenever I log in.

  Stop looking at radwho.  Its output is WAY down the chain of cause
and effect.

  1) ensure that the real user name is in the Access-Accept.
 If not, make it appear there.
  2) ensure that the accounting request contains the real user name
 If it contains "anonymous", buy a real NAS.  Your NAS is broken.

  After that, radwho *should* do the right thing.

  Alan DeKok.


Re: radwho question....

2007-10-03 Thread Chris Bradshaw
Hi

Thanx for the reply.

Firstly, I have just upgraded freeradius to the latest version, but it
didn't make any difference.

I have also looked thru the documentation, and also searched the web
to see if I could find how this might be done. I found a thread on a
similar subject at:

http://www.nabble.com/EAP-TTLS-outer-identity---accounting-t3391290.html

this looks similar to the issue I am seeing. One of your
replies to this thread seems particularly relevant:

http://www.nabble.com/Re%3A-EAP-TTLS-outer-identity---accounting-p9573830.html

However, I have tried the suggestions in this reply:

* Enable use_tunneled_reply & copy_request_to_tunnel (I already had
these enabled).

* Have the following in the users file:
DEFAULT FreeRADIUS-Proxied-To == 127.0.0.1
User-Name := `%{User-Name}`

but it still makes no difference. radwho still returns
'anonymous' whenever I log in.

Not sure where I can go from here.

Thanx in advance for any help.

Chris.





On 03/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Chris Bradshaw wrote:
> > Thanx for the reply. I do have 'use_tunneled_reply = yes' in eap.conf,
> > but I am still seeing the outer identity showing up when I use radwho.
>
>   As I said, you also have to send the inner tunnel name back in the
> Access-Accept.
> ...
> > Sending Access-Accept of id 7 to 10.11.2.91:1645
> ...
> > User-Name = "anonymous"
>
>   See?  You're telling the NAS to use "anonymous" for the accounting
> logs.  Set the User-Name in the reply for the inner tunnel session, and
> it will be used in the outer session, too.
>
>   Alan DeKok.


Re: radwho question....

2007-10-03 Thread Alan DeKok
Chris Bradshaw wrote:
> Thanx for the reply. I do have 'use_tunneled_reply = yes' in eap.conf,
> but I am still seeing the outer identity showing up when I use radwho.

  As I said, you also have to send the inner tunnel name back in the
Access-Accept.
...
> Sending Access-Accept of id 7 to 10.11.2.91:1645
...
> User-Name = "anonymous"

  See?  You're telling the NAS to use "anonymous" for the accounting
logs.  Set the User-Name in the reply for the inner tunnel session, and
it will be used in the outer session, too.

  Alan DeKok.


Re: radwho question....

2007-10-03 Thread Chris Bradshaw
Hi.

Thanx for the reply. I do have 'use_tunneled_reply = yes' in eap.conf,
but I am still seeing the outer identity showing up when I use radwho.

I have run radiusd -A -x and have appended the Access-Accept section
to this email. The first line of the log shows the inner identity (my
login, cwbshaw) successfully authenticating (via LDAP).

I'd be grateful for any help you can offer.

TIA

Chris.


rlm_ldap: user cwbshaw authenticated succesfully
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 4
rlm_sql (sql): Released sql socket id: 4
  TTLS: Got tunneled reply RADIUS code 2
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
rlm_sql (sql): Processing sql_postauth
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql (sql): Released sql socket id: 3
Sending Access-Accept of id 7 to 10.11.2.91:1645
Tunnel-Private-Group-Id:1 = "90"
Tunnel-Medium-Type:1 = IEEE-802
Tunnel-Type:1 = VLAN
Session-Timeout = 900
MS-MPPE-Recv-Key =
0xcbc7be67c93e3a3452f943380ee4e2c053fdf02f874781ecfbacf6788fed419d
MS-MPPE-Send-Key =
0xfd4d541226142098174d3a748263b2790e59dec67e76fdcc16654357a73e084c
EAP-Message = 0x03080004
Message-Authenticator = 0x
User-Name = "anonymous"
rad_recv: Accounting-Request packet from host 10.11.2.91:1646, id=89, length=229
Acct-Session-Id = "2149"
Called-Station-Id = "0011.5cc7.1be0"
Calling-Station-Id = "0090.4b28.86b0"
Cisco-AVPair = "ssid=ittwlan"
Cisco-AVPair = "vlan-id=90"
Cisco-AVPair = "nas-location=unspecified"
User-Name = "anonymous"
Cisco-AVPair = "connect-progress=Call Up"
Acct-Authentic = RADIUS
Acct-Status-Type = Start
NAS-Port-Type = Wireless-802.11
Cisco-NAS-Port = "6965"
NAS-Port = 6965
Service-Type = Framed-User
NAS-IP-Address = 10.11.2.91
Acct-Delay-Time = 0
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
Sending Accounting-Response of id 89 to 10.11.2.91:1646


On 02/10/2007, Alan DeKok <[EMAIL PROTECTED]> wrote:
> Chris Bradshaw wrote:
> > I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
> > authentication backend for our wireless network.
>
>   You really should upgrade, but that's another story.
>
> > I have noticed that if I run radwho, I seem to only see the name of
> > the user from the 'outside' of the tunnel (in this case
> > 'anonymous'); as a result it's not possible to tell who is connected
> > at any one time.
>
>   The NAS is responsible for sending the "anonymous" user name.  If you
> want the NAS to send something different, you have to send the inner
> tunnel user name back in the Access-Accept.
>
>   See "use_tunneled_reply" in the configuration for the EAP module.
>
> > Also I have noticed that the fields tend to get truncated:
> >
> > Login  Name  What  TTY  When  From  Location
> > anonymous  anonymous shell >999 Tue 16:00 10.10.2.9
> >
> > The IP address above should be 10.10.2.96.
>
>   Change the format of the "printf" command in radwho.
>
>   Alan DeKok.


Re: radwho question....

2007-10-02 Thread Alan DeKok
Chris Bradshaw wrote:
> I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
> authentication backend for our wireless network.

  You really should upgrade, but that's another story.

> I have noticed that if I run radwho, I seem to only see the name of
> the user from the 'outside' of the tunnel (in this case
> 'anonymous'); as a result it's not possible to tell who is connected
> at any one time.

  The NAS is responsible for sending the "anonymous" user name.  If you
want the NAS to send something different, you have to send the inner
tunnel user name back in the Access-Accept.

  See "use_tunneled_reply" in the configuration for the EAP module.

> Also I have noticed that the fields tend to get truncated:
> 
> Login  Name  What  TTY  When  From  Location
> anonymous  anonymous shell >999 Tue 16:00 10.10.2.9
> 
> The IP address above should be 10.10.2.96.

  Change the format of the "printf" command in radwho.

  Alan DeKok.


radwho question....

2007-10-02 Thread Chris Bradshaw
Hi

I am using freeradius 1.0.1 on a Red Hat Ent Linux v4 server as an
authentication backend for our wireless network.

Our wireless clients all use EAP/TTLS (via the SecureW2 client) and
the access points are Cisco Aironet 1200's.

I have noticed that if I run radwho, I seem to only see the name of
the user from the 'outside' of the tunnel (in this case
'anonymous'); as a result it's not possible to tell who is connected
at any one time.

Also I have noticed that the fields tend to get truncated:

Login  Name  What  TTY  When  From  Location
anonymous  anonymous shell >999 Tue 16:00 10.10.2.9

The IP address above should be 10.10.2.96.

I was just wondering if anyone might know how to fix either of these problems?

TIA

Chris Bradshaw.