hostapd + freeradius + windows users problem
Jouni Malinen
jkmalinen at gmail.com
Thu Nov 13 22:34:00 CET 2008

On Thu, Nov 13, 2008 at 9:22 PM, <tnt at kalik.net> wrote:
> http://freeradius.org/rfc/rfc2865.html#User-Name
>
> "It MAY be sent in an Access-Accept packet, in which case the
> client SHOULD use the name returned in the Access-Accept packet in
> all Accounting-Request packets for this session."

And which Access-Accept would this be referring to? The problem here
is that there can be multiple authentication runs (re-authentication
based on supplicant request or authenticator policy) and should the
supplicant change its identity, the second Access-Accept is likely to
have a different identity in that case.

While it may be reasonable to arbitrarily decide to use User-Name (if
present) from the first Access-Accept, it does not sound like that
good of an idea for a RADIUS server to depend on this behavior based
on current RADIUS RFCs.

- Jouni