(RADIATOR) TTLS Anonymous and RADONLINE
Michael Harlow
Michael.Harlow at utas.edu.au
Wed Jan 28 18:44:47 CST 2004
Hello.
I have TTLS/PAP running (with SQL), and use the eap_anon_hook.pl in both
"PreProcessingHook" and "PostAuthHook", so that the RADONLINE table contains
inner user names, so accounting records contain the inner name, and not
anonymous.
I've turned on the SessionDatabase SQL option, to create a table of currently
connected users, and it contains the outer name, not the inner name.
Does anyone know a way around this?
Thanks, Michael
-------------------------------------------------
Michael Harlow GPO Box 252-69
Network Engineer Hobart Tasmania 7001
IT Resources Ph 03 6226 1812
University of Tasmania Mob 0438 26 1812
Michael.Harlow at utas.edu.au Fx 03 6226 7171
-------------------------------------------------
+++++++++++++++++++++++++++++++++++++++++++++++++
<SessionDatabase SQL>
DBSource dbi:mysql:database=XXXX;host=XXXXX
DBUsername XXXX
DBAuth XXXX
</SessionDatabase SQL>
<Realm DEFAULT>
<AuthBy SQL>
EAPType TTLS
DBSource dbi:mysql:database=XXXX;host=XXXX
DBUsername XXXX
DBAuth XXXX
AccountingTable ACCOUNTING
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef ACCTTERMINATECAUSE,Acct-Terminate-Cause
AcctColumnDef NASIDENTIFIER,NAS-Identifier
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef STATIONID,Calling-Station-Id
AuthSelect select ENCRYPTEDPASSWORD from SUBSCRIBERS where USERNAME = '%n'
EncryptedPassword
AcctFailedLogFileName %D/missedaccounting
EAPTLS_CAFile %D/certificates/cacert.pem
EAPTLS_CertificateFile %D/certificates/xxxx.crt
EAPTLS_CertificateType PEM
EAPTLS_PrivateKeyFile %D/certificates/xxxx.key
EAPTLS_PrivateKeyPassword xxxx
EAPTLS_MaxFragmentSize 1000
EAPTLS_SessionResumption no
AutoMPPEKeys
</AuthBy>
# These hooks fix the problem with some implementations of TTLS, where the
# accounting requests have the User-Name of anonymous, instead of the real
# users name. After authenticating the inner TTLS request, the
# PostAuthHook caches the _real_ user name in an SQL table,
# The PreProcessingHook replaces the 'anonymous' user name in accounting
# requests with the real user name that was previously cached for the NAS
# and NAS-Port.
# You can see the correct real User-Name logged in the AcctLogFileName
PreProcessingHook file:"/usr/local/Radiator-3.8/goodies/eap_anon_hook.pl"
PostAuthHook file:"/usr/local/Radiator-3.8/goodies/eap_anon_hook.pl"
</Realm>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
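
The caching approach described in the config comments above, modelled in Python as an added example; it is not eap_anon_hook.pl and not Radiator code. The table layout, function names, request dictionaries, sample values and the delete-on-Stop step are all assumptions made for illustration.

```python
import sqlite3

# Assumed cache table keyed by NAS and NAS-Port (not Radiator's real schema).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE inner_names (nas TEXT, nas_port INTEGER, username TEXT,"
           " PRIMARY KEY (nas, nas_port))")

def post_auth_hook(inner_request, accepted):
    """After an accepted inner TTLS request, cache the real name for this NAS port."""
    if accepted:
        db.execute("INSERT OR REPLACE INTO inner_names VALUES (?, ?, ?)",
                   (inner_request["NAS-Identifier"], inner_request["NAS-Port"],
                    inner_request["User-Name"]))

def pre_processing_hook(request):
    """Replace the outer name in accounting requests with the cached inner name."""
    if request.get("Code") != "Accounting-Request":
        return request
    key = (request["NAS-Identifier"], request["NAS-Port"])
    row = db.execute("SELECT username FROM inner_names"
                     " WHERE nas = ? AND nas_port = ?", key).fetchone()
    if row is None:
        return request  # nothing cached: the outer name is left untouched
    rewritten = {**request, "User-Name": row[0]}
    if request.get("Acct-Status-Type") == "Stop":
        # Assumption: drop the mapping when the session ends, so a later
        # session on the same port is not attributed to the previous user.
        db.execute("DELETE FROM inner_names WHERE nas = ? AND nas_port = ?", key)
    return rewritten

def demo():
    """Constructed sample: one login, then Start, Stop and a stray Start."""
    nas = {"NAS-Identifier": "ap-1", "NAS-Port": 7}
    post_auth_hook({**nas, "User-Name": "alice"}, accepted=True)
    names = []
    for status in ("Start", "Stop", "Start"):
        acct = {**nas, "Code": "Accounting-Request",
                "User-Name": "anonymous", "Acct-Status-Type": status}
        names.append(pre_processing_hook(acct)["User-Name"])
    return names

if __name__ == "__main__":
    print(demo())
```

The third accounting request keeps the outer name because the mapping was removed at Stop and no new inner authentication was cached for that port.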