hostapd + freeradius + windows users problem

Jouni Malinen jkmalinen at
Thu Nov 13 22:34:00 CET 2008

On Thu, Nov 13, 2008 at 9:22 PM,  <tnt at> wrote:
> "It MAY be sent in an Access-Accept packet, in which case the
>      client SHOULD use the name returned in the Access-Accept packet in
>      all Accounting-Request packets for this session."

And which Access-Accept would this be referring to? The problem here
is that there can be multiple authentication runs (re-authentication
based on supplicant request or authenticator policy) and should the
supplicant change its identity, the second Access-Accept is likely to
have a different identity in that case.

While it may be reasonable to arbitrarily decide to use User-Name (if
present) from the first Access-Accept, it does  not sound like that
good of an idea for a RADIUS server to depend on this behavior based
on current RADIUS RFCs.

- Jouni

More information about the Freeradius-Users mailing list