As a couple of people have noted, if the NAS supports it you can (in order of preference): 1. Return User-Name in Access-Accept which a compliant NAS will then copy to Accounting-Requests 2. Abuse Class in Access-Accept e.g. set it to "user=<name>" then extract that in preacct{} and rewrite the received username in the accounting packets 3. If the NAS sends Acct-Session-Id in Access-Requests, cache or store these in a DB, then do a cache/SQL lookup in preacct{} to find the username from authentication, and rewrite the accounting. You could hack this with NAS-IP-Address & Calling-Station-Id if you're really desperate and the Acct-Session-Id isn't present in Access-Request. If none of these options are available, then you will need to perform offline or near-realtime analysis of your accounting to match auth to acct sessions and discover the real username.