<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-15">
</head>
<body text="#000000" bgcolor="#ffffff">
<br>
Hello.<br>
<br>
Sorry to bother with a cross-posting.<br>
I asked about the below on Freeradius list. Looks like it's a NAS
problem.<br>
Would I have better luck with hostap ? <br>
I may install hostap/openwrt but will be nice to know if I DO have a
chance in advance :)<br>
<br>
Ty. Paolo<br>
<br>
<blockquote type="cite">
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">Hello.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">I’m
puzzled about eap ttls accounting, namely with
interim-updates.<br>
</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">My
setup: freeradius 2.1.10 on debian squeeze, mikrotik RouterOs
version 3.13 as NAS.</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">On
the NAS I enabled eap accounting; on the freeradius I set </span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">copy_request_to_tunnel
= yes<br>
use_tunneled_reply = yes</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">update
outer.reply {<span><br>
</span>User-Name = "%{request:User-Name}"<br>
}<span><br>
</span></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB"><span></span>If
I look at replay-detail I found<br>
</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">Fri
Feb 18 09:46:53 2011<span><br>
</span>Packet-Type = Access-Accept<span><br>
</span>User-Name = "cecchinip@esf"<span><br>
</span>MS-MPPE-Recv-Key = 0x86 etc etc </span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">But
when inspecting interim-updates ..</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">Fri
Feb 18 10:03:53 2011<span><br>
</span>Service-Type = Framed-User<span><br>
</span>NAS-Port-Id = "wlan2"<span><br>
</span>User-Name = "anonymous"<span><br>
</span></span><span style="font-size: 10pt;">Acct-Session-Id
= "82b00004"<span><br>
</span><span> </span>Acct-Multi-Session-Id = "bla
bla ... "<span><br>
</span></span><span style="font-size: 10pt;"
lang="EN-GB">Acct-Authentic = RADIUS<span><br>
</span>Acct-Status-Type = Interim-Update<span><br>
</span>Acct-Session-Time = 1020<span><br>
</span>Acct-Input-Octets = 4117<span><br>
</span>Acct-Input-Gigawords = 0<span><br>
</span>Acct-Input-Packets = 27<span><br>
</span>Acct-Output-Octets = 2515<span><br>
</span>Acct-Output-Gigawords = 0<span><br>
</span>Acct-Output-Packets = 63<span><br>
</span>NAS-Identifier = "EduroamTest"<span><br>
</span><span> </span>NAS-IP-Address = *************<span><br>
</span>Acct-Delay-Time = 0<span><br>
</span>Acct-Unique-Session-Id = "bed886a60e348ed6"<span><br>
</span>Timestamp = 1298019833<span><br>
</span>Request-Authenticator = Verified <br>
</span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">Looks
like the radius honours the request to send out the inner
identity, but the nas get rid of and continue to use
‘anonymous’. <br>
It’s that, is a NAS’s problem or maybe could be something I
misconfigured on freeradius ? <span> </span><span> </span></span></p>
<p class="MsoNormal"><span style="font-size: 10pt;" lang="EN-GB">Any
hint? And thanks in advance.<br>
Paolo.<br>
<br>
</span></p>
</blockquote>
</body>
</html>