Accounting responce User-Name attribute

Jouni Malinen j at w1.fi
Mon Sep 12 15:00:14 EDT 2011


On Sun, Aug 28, 2011 at 02:37:17AM +0400, newuse at qip.ru wrote:
> Hi all, I am new to PEAP, RADIUS and hostapd, but is it normal, if in supplicant anonymous_identity is set to "anonymous at myisp.com", in accounting packets  "anonymous at myisp.com"  is use as User-Name attribute instead of real User-Name?

Yes, that is expected. The AP/Authenticator does not even know the real
identity since it is sent within the encrypted tunnel.

> Is there any possibility to disable this?

What are you trying to achieve? Many RADIUS servers can internally
resolve the inner identity and use that in accounting records without
having to expose that information to the APs, e.g., with RADIUS Class
attribute. If you really want to expose the real User-Name to the AP and
in the unencrypted Accounting-Request messages, you can configure the
RADIUS authentication server to return the real identity in
Access-Accept message to make hostapd copy it into the accounting
messages.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list