hostapd + freeradius + windows users problem

Jouni Malinen jkmalinen at gmail.com
Thu Nov 13 17:49:30 CET 2008


On Wed, Nov 12, 2008 at 7:34 PM,  <tnt at kalik.net> wrote:
>>User "goa" connects and when he turns machine off, new user "host/filteria" (his machine name) appears.
>>Maybe the problem is inside hostapd (which I can't find), but I don't understand why "host/filteria" is updated with "goa" info.
>>
>
> Start packet with one user name, stop with another for the same session -
> NAS (hostapd) is broken.

Could you please point me to a specification that requires User-Name
to remain the same for the session?

It looks like what is happening here is a re-authentication using
machine credentials within the same IEEE 802.11 association. If the
client had re-associated, hostapd should have started a new
session and in this case, there would have been start/stop acct with
"goa" and then start/stop with "host/filteria" (using a different
session id).

The exact behavior here depends on the definition of "session". From
the hostapd viewpoint, IEEE 802.11 association is the session and there is
nothing that would prevent the Supplicant from changing its identity
string (User-Name in RADIUS) during the re-association if an EAPOL
reauthentication occurs (either from client/Supplicant request as is
the case here or based on Authenticator timer). Sure, that definition
of "session" could be modified to arbitrarily start a new session
should the Supplicant decide to use a different identity in
re-authentication within the same association, but I would like to see
a specific requirement for this in an RFC before changing hostapd
behavior.

- Jouni
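
The case discussed above, as an added example that is not part of the original message or of hostapd/FreeRADIUS: a small audit script that groups accounting records by Calling-Station-Id and Acct-Session-Id and reports sessions whose User-Name changed between Start and Stop. It assumes records in the FreeRADIUS "detail" text layout; the sample records, session ids and MAC addresses are constructed.

```python
import re
from collections import defaultdict

def rec_text(ts, user, status, sid, mac):
    """Build one constructed record in the FreeRADIUS 'detail' layout."""
    return (f'{ts}\n\tUser-Name = "{user}"\n\tAcct-Status-Type = {status}\n'
            f'\tAcct-Session-Id = "{sid}"\n\tCalling-Station-Id = "{mac}"\n')

# Constructed sample: one session re-authenticated with machine credentials,
# one ordinary session with a stable identity.
SAMPLE = "\n".join([
    rec_text("Thu Nov 13 10:00:00 2008", "goa", "Start", "00000001-A", "00-11-22-33-44-55"),
    rec_text("Thu Nov 13 10:30:00 2008", "host/filteria", "Stop", "00000001-A", "00-11-22-33-44-55"),
    rec_text("Thu Nov 13 11:00:00 2008", "alice", "Start", "00000002-B", "00-11-22-33-44-66"),
    rec_text("Thu Nov 13 11:20:00 2008", "alice", "Stop", "00000002-B", "00-11-22-33-44-66"),
])

# Indented 'Attribute = value' line; surrounding double quotes are optional.
ATTR = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')

def parse_detail(text):
    """Yield one dict per accounting record (records are blank-line separated)."""
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"Timestamp": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def identity_changes(records):
    """Return {(station, session id): [User-Names in order]} for sessions
    that carried more than one identity."""
    seen = defaultdict(list)
    for r in records:
        key = (r.get("Calling-Station-Id"), r.get("Acct-Session-Id"))
        name = r.get("User-Name")
        if name and name not in seen[key]:
            seen[key].append(name)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (mac, sid), names in identity_changes(parse_detail(SAMPLE)).items():
        print(f"{mac} session {sid}: identity changed {' -> '.join(names)}")
```

Accounting consumers that key usage on User-Name alone would attribute the whole session to whichever identity appears in the Stop record; keying on Acct-Session-Id keeps both identities visible.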


