We have a homegrown system that requires users to register their devices MAC address. We use this registration as a sort of NAC and to serve DMCA (copyright) notices. The side benefit is that it also allows us to use MAC auth on our open network.
Our mac auth is set to use a radius server to validate the MAC address (the registration server uses free radius against a MYSQL database). Unfortunately when a device is MAC authed the user table shows the MAC as the username of the client. I was told by Jon Green? or Ash? that it was possible to override the username by returning the username as a return attribute.
I finally got around to testing this, unfortunately without luck...
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:339] Radius authenticate user (10:9a:dd:9e:2a:ba) PAP using server netinfo_radius_test
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:1064] Default : setting nas_port_type to wireless
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_request.c:37] Add Request: id=20, srv=129.64.x.x, fd=72
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:839] Sending radius request to netinfo_radius_test:129.64.x.x:1812 id:20,len:211
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] NAS-IP-Address: 129.64.x.x
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] NAS-Port-Id: 0
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] NAS-Port-Type: 19
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] User-Name: 10:9a:dd:9e:2a:ba
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:852] Password: *****
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Calling-Station-Id: 109ADD9E2ABA
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Called-Station-Id: 000B866184A8
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Service-Type: Login-User
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Aruba-Essid-Name: brandeis_open01
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Aruba-Location-Id: d8:c7:c8:c0:fc:44
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Aruba-AP-Group: Test_APGroup
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_server.c:848] Message-Auth: \037\2474\267\230\317F\326\306\235\214\334X\275\030E
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_request.c:60] Find Request: id=20, srv=129.64.x.x, fd=72
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_request.c:66] Current entry: srv=129.64.x.x, fd=72
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_request.c:22] Del Request: id=20, srv=129.64.x.x, fd=72
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:972] Authentication Successful
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:974] RADIUS RESPONSE ATTRIBUTES:
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:989] User-Name: turner
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:989] PW_RADIUS_ID: \024
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:989] Rad-Length: 28
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:989] PW_RADIUS_CODE: \002
Jan 30 18:47:12 :121031: <DBUG> |authmgr| |aaa| [rc_api.c:989] PW_RAD_AUTHENTICATOR: \3352V$l\016\331T\2544}/H\275\214#
(feld-3200-test1) # show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ----
129.64.x.x 10:9a:dd:9e:2a:ba 10:9a:dd:9e:2a:ba Brandeis-Mac-Auth 00:00:03 MAC N/A Wireless brandeis_open01/d8:c7:c8:8f:c4:51/a-HT brandeis-mac tunnel
User Entries: 1/1
What am I doing wrong? should I be setting Full-Name? or Strip-User-Name?