hostapd + freeradius + windows users problem

Alan DeKok aland at deployingradius.com
Fri Nov 14 15:56:15 CET 2008


Jouni Malinen wrote:
> The exact behavior here depends on the definition of "session". From
> hostapd viewpoint, IEEE 802.11 association is the session and there is
> nothing that would prevent the Supplicant from changing its identity
> string (User-Name in RADIUS) during the re-association if an EAPOL
> reauthenticaton occurs (either from client/Supplicant request as is
> the case here or based on Authenticator timer). Sure, that definition
> of "session" could be modified to arbitrarily start a new session
> should the Supplicant decide to use a different identity in
> re-authentication within the same association, but I would like to see
> a specific requirement for this in an RFC before changing hostapd
> behavior.

  Hostapd should not change.  The supplicants that change Identity in
the middle of a session need to be fixed.

  Alan DeKok.



More information about the Freeradius-Users mailing list