[RFC] use User-Name and Chargeable-User-Identity für Access-Accept for Accounting Messages even if 802.1X is not used

michael-dev michael-dev
Sun Jul 22 15:06:44 PDT 2012


Hi,

I'm trying to authenticate WPA-PSK users against a remote radius server 
that I cannot control and limit their access (time per day) to the local 
network.
Therefore, I currently have hostapd -> my radius server -> remote 
radius server, where "my radius server" does all the accounting and the 
remote radius server authenticates and returns an accountable 
(chargeable) user identity to my radius server. In order to the track 
per user, I want hostapd to return the chargeable user identity in the 
accounting messages just as with 802.1X (so I can avoid looking that up 
by Calling-Station-Id).

The attached patch therefore adds identity (aka user-name) and 
radius_cui (chargeable user identity) attributes to the struct sta_info, 
that are filled by the radius acl query and used when generating an 
accounting message.
It does not require WPA-PSK to be used to get identity and CUI 
tracking, as the accounting code falls back to sta the sta properties, 
thought the identity/radius_cui values are copied to eapol_state in oder 
the make use of the pmksa caching.

Signed-hostap: M. Braun <michael-dev at fami-braun.de>

Regards,
  M. Braun
-------------- next part --------------
A non-text attachment was scrubbed...
Name: identity-and-cui-for-acl.diff
Type: text/x-c
Size: 9780 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20120723/fccbeab4/attachment.bin 



More information about the Hostap mailing list