(RADIATOR) TTLS Anonymous and RADONLINE

Michael Harlow Michael.Harlow at utas.edu.au
Wed Jan 28 18:44:47 CST 2004


Hello.

I have TTLS/PAP running (with SQL), and use the eap_anon_hook.pl in both
"PreProcessingHook" and "PostAuthHook", so that the RADONLINE table contains
inner user names, so accounting records contain the inner name, and not
anonymous.

I've turned on the SessionDatabase SQL option, to create a table of currently
connected users, and it contains the outer name, not the inner name.

Does anyone know a way around this?

Thanks, Michael


-------------------------------------------------
Michael Harlow              GPO Box 252-69
Network Engineer            Hobart Tasmania 7001
IT Resources                Ph  03 6226 1812
University of Tasmania      Mob 0438 26 1812
Michael.Harlow at utas.edu.au  Fx  03 6226 7171
-------------------------------------------------

+++++++++++++++++++++++++++++++++++++++++++++++++

<SessionDatabase SQL>
        DBSource        dbi:mysql:database=XXXX;host=XXXXX
        DBUsername      XXXX
        DBAuth          XXXX
</SessionDatabase SQL>

<Realm DEFAULT>
        <AuthBy SQL>
                EAPType TTLS
                DBSource        dbi:mysql:database=XXXX;host=XXXX
                DBUsername      XXXX
                DBAuth          XXXX

                AccountingTable ACCOUNTING
                AcctColumnDef   USERNAME,User-Name
                AcctColumnDef   TIME_STAMP,Timestamp,integer
                AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type
                AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
                AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
                AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
                AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
                AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
                AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause
                AcctColumnDef   NASIDENTIFIER,NAS-Identifier
                AcctColumnDef   NASPORT,NAS-Port,integer
                AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
                AcctColumnDef   STATIONID,Calling-Station-Id

                AuthSelect select ENCRYPTEDPASSWORD from SUBSCRIBERS where USERNAME = '%n'
                EncryptedPassword

                AcctFailedLogFileName %D/missedaccounting

                EAPTLS_CAFile %D/certificates/cacert.pem
                EAPTLS_CertificateFile %D/certificates/xxxx.crt
                EAPTLS_CertificateType PEM
                EAPTLS_PrivateKeyFile %D/certificates/xxxx.key
                EAPTLS_PrivateKeyPassword xxxx
                EAPTLS_MaxFragmentSize 1000
                EAPTLS_SessionResumption no

                AutoMPPEKeys
        </AuthBy>

        # These hooks fix the problem with some implementations of TTLS,
        # where the accounting requests have the User-Name of anonymous,
        # instead of the real user's name. After authenticating the inner
        # TTLS request, the PostAuthHook caches the _real_ user name in an
        # SQL table. The PreProcessingHook replaces the 'anonymous' user
        # name in accounting requests with the real user name that was
        # previously cached for the NAS and NAS-Port.
        # You can see the correct real User-Name logged in the AcctLogFileName

        PreProcessingHook file:"/usr/local/Radiator-3.8/goodies/eap_anon_hook.pl"
        PostAuthHook file:"/usr/local/Radiator-3.8/goodies/eap_anon_hook.pl"
</Realm>

