NAS-Port / radwho

Alan DeKok aland at
Sat Sep 8 14:56:45 CEST 2018

On Sep 8, 2018, at 1:25 AM, Hans-Christian Esperer <hc at> wrote:
> I've run into a problem: radwho will only ever display one user per AP at max.
> I've run radiusd -X and also looked into the source code that handles radutmp.
> It seems that the NAS-Port value needs to be unique per user. The APs, however,
> always supply a NAS-Port of 0. I've looked a bit into the hostapd that unifi is
> using, and it seems it is a (heavily) patched version, so no chance to get a
> standard hostapd running.
> I've tested with standard hostapd: This does use a unique NAS-Port value when
> sending accounting packets to the radius server, so all concurrently logged in
> users per AP are shown correctly by radwho.
> My question is: Is there any way to get radwho/radutmp accounting to work
> correctly even with the NAS-Port always set to 0?

  Put the data into an SQL table.  The SQL module supports this.

  Also, the radutmp file is not scalable.  It requires a linear search to find a user.  Given that it's 2018 and sqlite exists, everyone is much better off using that.

  If you don't want to do that, you can edit the NAS-Port attribute.  If the NAS always sends it as zero, why not change it to something else?  You'll need to change it consistently, i.e. not via a random number.  Perhaps changing it to an MD5 hash of the username might be OK...

	if (NAS-Port == 0) {
		update request {
			Tmp-Octets-0 := "%{md5:%{User-Name}}"

		update request {
			NAS-Port := "%{unpack:&Tmp-Octets-0 1 integer}"

  That's a little weird, but it should work.

  Alan DeKok.

More information about the Freeradius-Users mailing list