Accounting responce User-Name attribute

Jouni Malinen j
Mon Sep 12 12:00:14 PDT 2011

On Sun, Aug 28, 2011 at 02:37:17AM +0400, newuse at wrote:
> Hi all, I am new to PEAP, RADIUS and hostapd, but is it normal, if in supplicant anonymous_identity is set to "anonymous at", in accounting packets  "anonymous at"  is use as User-Name attribute instead of real User-Name?

Yes, that is expected. The AP/Authenticator does not even know the real
identity since it is sent within the encrypted tunnel.

> Is there any possibility to disable this?

What are you trying to achieve? Many RADIUS servers can internally
resolve the inner identity and use that in accounting records without
having to expose that information to the APs, e.g., with RADIUS Class
attribute. If you really want to expose the real User-Name to the AP and
in the unencrypted Accounting-Request messages, you can configure the
RADIUS authentication server to return the real identity in
Access-Accept message to make hostapd copy it into the accounting

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list