On Wed, Nov 12, 2008 at 7:34 PM, <tnt@kalik.net> wrote:
User "goa" connects and when he turns machine off, new user "host/filteria"(his machine name) appears. Maybe the problems is inside hostapd(which I can't find), but I don't understand why "host/filteria" is updated with "goa" info.
Start packet with one user name, stop with another for the same session - NAS (hostapd) is broken.
Could you please point me to a specification that requires User-Name to remain same for the session? It looks like what is happening here is a re-authentication using machine credentials within the same IEEE 802.11 association. If the client would have re-associated, hostapd should have started a new session and in this case, there would have been start/stop acct with "goa" and then start/stop with "hoast/filteria" (using different session id). The exact behavior here depends on the definition of "session". From hostapd viewpoint, IEEE 802.11 association is the session and there is nothing that would prevent the Supplicant from changing its identity string (User-Name in RADIUS) during the re-association if an EAPOL reauthenticaton occurs (either from client/Supplicant request as is the case here or based on Authenticator timer). Sure, that definition of "session" could be modified to arbitrarily start a new session should the Supplicant decide to use a different identity in re-authentication within the same association, but I would like to see a specific requirement for this in an RFC before changing hostapd behavior. - Jouni