Adding VSA to hostapd AAA server

Rajesh K talktorajeshk at
Mon Jun 20 15:11:06 PDT 2016

Thanks. I will try this and if it does not work, I will update here.

----- Original Message -----
From: Jouni Malinen <j at>
To: Rajesh K <talktorajeshk at>
Cc: "hostap at" <hostap at>
Sent: Friday, June 17, 2016 1:36 PM
Subject: Re: Adding VSA to hostapd AAA server

On Fri, Jun 17, 2016 at 06:33:04PM +0000, Rajesh K wrote:

>     I am using hostapd as a AAA server in my lab. I want to add some additional RADIUS attributes in the RADIUS Access Accept. Can anyone point me on how to do the same?

See hostapd/hostapd.eap_user and hostapd/hostapd.conf for

# Arbitrary RADIUS attributes can be added into Access-Accept packets similarly
# to the way radius_auth_req_attr is used for Access-Request packet in
# hostapd.conf. For EAP server, this is configured separately for each user
# entry with radius_accept_attr=<value> line(s) following the main user entry
# line.

# Arbitrary RADIUS attributes can be added into Access-Request and
# Accounting-Request packets by specifying the contents of the attributes with
# the following configuration parameters. There can be multiple of these to
# add multiple attributes. These parameters can also be used to override some
# of the attributes added automatically by hostapd.
# Format: <attr_id>[:<syntax:value>]
# attr_id: RADIUS attribute type (e.g., 26 = Vendor-Specific)
# syntax: s = string (UTF-8), d = integer, x = octet string
# value: attribute value in format indicated by the syntax
# If syntax and value parts are omitted, a null value (single 0x00 octet) is
# used.
# Additional Access-Request attributes
# radius_auth_req_attr=<attr_id>[:<syntax:value>]
# Examples:
# Operator-Name = "Operator"
# Service-Type = Framed (2)
# Connect-Info = "testing" (this overrides the automatically generated value)
# Same Connect-Info value set as a hexdump

In other words, you could use something like this in the eap_user_file
to add a VSA:

"hs20-deauth-test"    TTLS-MSCHAPV2    "password"    [2]

Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list