Accurate TTLS Radius accounting

Accurate TTLS Radius accounting

Billing the right user Radiator supports wired and Wireless authentication with a range of the new EAP authentication protocols, such as MD5-Challenge, TLS, TTLS, PEAP and LEAP.

Radiator solves an accounting problem created by some protocols that send 'anonymous' requests.

During authentication, some of these protocols, notably TTLS, hide the real user's name inside the encrypted authentication protocol. The plaintext User-Name in the Radius requests is usually set to just 'anonymous' for all requests from all users.

There is a good reason for this: it prevents traffic sniffers from finding out who is actually connecting at any given time, and from using traffic analysis to compromise your network.

The accounting problem that results from this is that the Radius accounting data sent by the wireless Access Point to the Radius server is also for the user 'anonymous'. Therefore any accounting or billing system that just uses the raw Radius accounting data will incorrectly bill all wireless usage to 'anonymous', leading to inaccurate billing of traffic usage.

Radiator provides a way of overcoming this problem and ensuring that wireless usage data is correctly attributed to the correct user. Using an example configuration supplied with the full version of Radiator, you can configure your Radiator to convert the User-Name in Radius accounting data to the correct username, prior to insertion into your billing database.

Radiator's ability to do this is unique: if you want to bill accurately for EAP wireless usage, Radiator is the only Radius server to use.

Back to Radiator techincal page