On Thu, Nov 13, 2008 at 9:22 PM, <tnt@kalik.net> wrote:
http://freeradius.org/rfc/rfc2865.html#User-Name
"It MAY be sent in an Access-Accept packet, in which case the client SHOULD use the name returned in the Access-Accept packet in all Accounting-Request packets for this session."
And which Access-Accept would this be referring to? The problem here is that there can be multiple authentication runs (re-authentication based on supplicant request or authenticator policy) and should the supplicant change its identity, the second Access-Accept is likely to have a different identity in that case. While it may be reasonable to arbitrarily decide to use User-Name (if present) from the first Access-Accept, it does not sound like that good of an idea for a RADIUS server to depend on this behavior based on current RADIUS RFCs. - Jouni