[RADIATOR] Betr.: Radiator EAP-TTLS and Aruba

Peter Havekes p.havekes at avans.nl
Tue Jun 30 06:52:04 CDT 2009 

I think you are looking for eap_acct_username.pl, it's in the goodies directory. I use it to copy the username of the inner request to the outer request, so my wifi logging and stats show usernames instead of anonymous at domain.tld 


-- 

 
Peter Havekes
ICT-Ontwikkeling & AVANS-CSIRT
Avans Hogeschool
Onderwijsboulevard 215
5223 DE 's-Hertogenbosch
Telefoon    0736 295 592
Mobiel       0612917383
Fax           0736295488
email/msn p.havekes at avans.nl

 
- Have you got anything without Spam in it?
- Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
 


>>> Bob Shafer <bshafer at du.edu> 30-6-2009 12:39 P >>>
I attempted to resolve the User-Name issue with EAP-TTLS by using the 
eap-anon-hook.  It worked okay, but I was not comfortable using the 
supplicant's MAC level address, in the calling-station-id, and the only 
consistent attribute reported in both authentication and accounting 
packets, that could be used as a key.

When I contacted Aruba support they suggested this:

"Aruba controller can only review the
outer-eap-id only.  On Freeradius, there is a "copy to outer tunnel"
option under eap.conf which should allow the Radius server to reply
inner-eap-id to User-Name on radius access accept packet to the Aruba
controller.  There is also similar support on the Juniper's steel-belted
radius.  There may be similar on radiator.  Aruba controller will take
this returned User-Name attribute and replace the outer-eap-id from
client and utilize it in radius accounting as well as "show user-table"
output."

I understand what the want, and have an idea about how I might implement 
this, but wondered if someone else had already invented the wheel?

If not, I'm open to ideas about how best to implement it.

Thanks,

Bob

--------------------------------------------------------------------------- 
Op deze e-mail zijn de volgende voorwaarden van toepassing: 
The following conditions apply to this e-mail: 
http://emaildisclaimer.avans.nl 
---------------------------------------------------------------------------

More information about the radiator mailing list