Inner-tunnel user name in interim-update

Alan DeKok aland
Mon Feb 21 10:19:19 PST 2011

Jouni Malinen wrote:
> On Sat, Feb 19, 2011 at 01:16:42PM +0100, 1839 at wrote:
>> I asked about the below on the FreeRADIUS list. Looks like it's a NAS problem.
> Well, depends on who you ask... ;-)  If you ask people working with the
> RADIUS server, they will likely point at the NAS and if you ask people
> who work with the NAS, they will likely point at the RADIUS server..

  It's always the NAS at fault. :)  But I'm biased.

> RFC 2865 does not require the RADIUS client to copy the User-Name from
> Access-Accept to accounting messages (it is only a SHOULD, not MUST). As
> such, it may be safer to implement this type of accounting using other
> options available to the RADIUS server.

  That will work.

>> Would I have better luck with hostap ?
> Yes, hostapd will update the User-Name based on Access-Accept message
> and then use the new value for accounting messages. Similarly, Class
> attribute(s) are copied to accounting messages.

  That won't solve the problem that the NAS is a Mikrotik box.  It's
easier just to run one RADIUS server, and do all of the magic there.

  Alan DeKok.
