NAS-Port / radwho
Alan DeKok
aland at deployingradius.com
Sat Sep 8 14:56:45 CEST 2018
On Sep 8, 2018, at 1:25 AM, Hans-Christian Esperer <hc at hcesperer.org> wrote:
> I've run into a problem: radwho will only ever display one user per AP at max.
> I've run radiusd -X and also looked into the source code that handles radutmp.
> It seems that the NAS-Port value needs to be unique per user. The APs, however,
> always supply a NAS-Port of 0. I've looked a bit into the hostapd that unifi is
> using, and it seems it is a (heavily) patched version, so no chance to get a
> standard hostapd running.
>
> I've tested with standard hostapd: This does use a unique NAS-Port value when
> sending accounting packets to the radius server, so all concurrently logged in
> users per AP are shown correctly by radwho.
>
> My question is: Is there any way to get radwho/radutmp accounting to work
> correctly even with the NAS-Port always set to 0?
Put the data into an SQL table. The SQL module supports this.
Also, the radutmp file is not scalable. It requires a linear search to find a user. Given that it's 2018 and sqlite exists, everyone is much better off using that.
If you don't want to do that, you can edit the NAS-Port attribute. If the NAS always sends it as zero, why not change it to something else? You'll need to change it consistently, i.e. not via a random number. Perhaps changing it to an MD5 hash of the username might be OK...
    ...
    if (NAS-Port == 0) {
        update request {
            Tmp-Octets-0 := "%{md5:%{User-Name}}"
        }
        update request {
            NAS-Port := "%{unpack:&Tmp-Octets-0 1 integer}"
        }
    }
That's a little weird, but it should work.
Alan DeKok.
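
Added example (not part of the original message and not FreeRADIUS code): a Python model of the NAS-Port rewrite suggested above, showing why a constant port of 0 collapses all users on one AP into one entry and how likely a hashed port is to collide. It assumes the MD5 result is handled as 16 raw bytes, that unpack reads four bytes at offset 1 in network byte order, and that the session table is keyed on NAS address plus NAS-Port; all function names and sample records are constructed for illustration.

```python
import hashlib
import struct

def derived_nas_port(username: str, offset: int = 1) -> int:
    """Four bytes of MD5(username) at `offset`, read as a big-endian uint32."""
    digest = hashlib.md5(username.encode("utf-8")).digest()
    return struct.unpack_from(">I", digest, offset)[0]

def rewrite_port(username: str, nas_port: int) -> int:
    """Mirror the policy: replace NAS-Port only when the NAS sent 0."""
    return derived_nas_port(username) if nas_port == 0 else nas_port

def session_table(start_records, rewrite: bool) -> dict:
    """Simplified session table keyed on (NAS address, NAS-Port)."""
    table = {}
    for nas_ip, nas_port, user in start_records:
        port = rewrite_port(user, nas_port) if rewrite else nas_port
        table[(nas_ip, port)] = user  # an existing key is overwritten
    return table

def collision_probability(n_users: int, space: int = 2**32) -> float:
    """Birthday bound: chance that two of n users on one NAS share a port."""
    p_unique = 1.0
    for i in range(n_users):
        p_unique *= (space - i) / space
    return 1.0 - p_unique

# Constructed accounting Start records: (NAS address, NAS-Port, User-Name).
SAMPLE_STARTS = [
    ("192.0.2.10", 0, "alice"),
    ("192.0.2.10", 0, "bob"),
    ("192.0.2.10", 0, "carol"),
    ("192.0.2.11", 0, "alice"),
]

if __name__ == "__main__":
    print("entries with NAS-Port 0:   ", len(session_table(SAMPLE_STARTS, False)))
    print("entries with hashed port:  ", len(session_table(SAMPLE_STARTS, True)))
    for n in (50, 500, 5000):
        print(f"{n:5d} users on one NAS -> collision chance "
              f"{collision_probability(n):.2e}")
```

Because the port is derived from the username alone, two simultaneous sessions by the same user on the same AP still map to one entry in this model.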