Accounting-On and Accounting-Off being sent on a per-BSS basis not per-NAS
Nick Lowe
nick.lowe at lugatech.com
Fri Feb 26 03:08:55 PST 2016
We ought, strongly, to consider making the NAS-Identifier mandatory,
presently it is not in hostapd which is poor practice.
While it is not mandatory in the RADIUS RFCs, the presence of this
attribute is necessary for the proper operation of RADIUS.
Hostapd should make it mandatory therefore.
I suggest that we consider changing hosapd.conf to contain something like this:
# Mandatory NAS-Identifier, containing a string base value used to identify
# the NAS originating RADIUS packets. This must be unique to the NAS within the
# scope of a RADIUS server. For example, a fully qualified domain name can be
# used here appended with the .
# When using IEEE 802.11r, nas_identifier must be between 1 and 48 octets long.
nas_identifier=ap.example.com
# Whether to append the BSSID to the NAS-Identifier sent in RADIUS packets.
# For example, where the nas_identifier base is configured as ap.example.com, a
# value of the form ap.example.com_00-10-A4-23-19-C0 will be used.
# Where mutiple BSSes are offered by a NAS, each BSS for which RADIUS accounting
# is occuring must be presented as being an individual NAS for Accounting-On and
# Accounting-Off to be handled correctly by a RADIUS server.
nas_identifier_append_bssid=1
Thoughts?
Nick
More information about the Hostap
mailing list