We're bringing a Cisco (formerly Airespace) lightweight wireless system online, and I'm seeing some odd things in the accounting. Specifically, the usernames can change in the accounting packets. This causes the default SQL queries (at least, the ones for Postgres under 1.1.7) to generate duplicate entries for the session, because the "where" clause includes the username. For example, I might see this: User-Name = "unknown" NAS-Port = 29 NAS-IP-Address = 172.16.x.x Framed-IP-Address = 192.168.x.x NAS-Identifier = "wlan-wism-1-1" Airespace-Wlan-Id = 2 Acct-Session-Id = "47b3193c/00:aa:bb:cc:dd:ee/5746" Acct-Authentic = Remote Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3602" Acct-Status-Type = Start Calling-Station-Id = "00:aa:bb:cc:dd:ee" Called-Station-Id = "00:1b:d5:08:01:00" ...then a few seconds later User-Name = "THEUSER" NAS-Port = 29 NAS-IP-Address = 172.16.x.x Framed-IP-Address = 192.168.x.x NAS-Identifier = "wlan-wism-1-1" Airespace-Wlan-Id = 2 Acct-Session-Id = "47b3193c/00:aa:bb:cc:dd:ee/5746" Acct-Authentic = RADIUS Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3602" Acct-Status-Type = Interim-Update Acct-Input-Octets = 105078 Acct-Output-Octets = 72551 Acct-Input-Packets = 754 Acct-Output-Packets = 300 Acct-Session-Time = 74 Acct-Delay-Time = 0 Calling-Station-Id = "00:aa:bb:cc:dd:ee" Called-Station-Id = "00:1b:d5:08:01:00" If the user is on e.g. a windows XP laptop and logs out, I might finally see: User-Name = "host/thelaptop.domain.com" NAS-Port = 29 NAS-IP-Address = 172.16.x.x Framed-IP-Address = 192.168.x.x NAS-Identifier = "wlan-wism-1-1" Airespace-Wlan-Id = 2 Acct-Session-Id = "47b3193c/00:aa:bb:cc:dd:ee/5746" Acct-Authentic = Remote Tunnel-Type:0 = VLAN Tunnel-Medium-Type:0 = IEEE-802 Tunnel-Private-Group-Id:0 = "3602" Acct-Status-Type = Stop Acct-Input-Octets = 1852445 Acct-Output-Octets = 5401691 Acct-Input-Packets = 17608 Acct-Output-Packets = 8630 Acct-Terminate-Cause = User-Request Acct-Session-Time = 30517 Acct-Delay-Time = 0 Calling-Station-Id = "00:aa:bb:cc:dd:ee" Called-Station-Id = "00:1b:d5:08:01:00" It seems the NAS is having a changing view of the authentication username as various events take place, presumably at the EAPOL layer. However it seems to consistently set Acct-Authentic to RADIUS for "real" usernames, and "Remote" for unknown or non-authenticated usernames, so it sort of "knows" this is happening. Now the Cisco WLC (nee Airespace) is a weird bit of kit anyway; it sort of "holds onto" client sessions in case they come back shortly (not unusual for wireless) but I'm wondering if this behaviour is legal, sane or what? I can probably fix our SQL queries, but I thought people might be interested; for interest, what was the original rationale behind the where clause in the default SQL queries: where username='%{SQL-User-Name}' ??