Inner-tunnel user name in interim-update
aland at deployingradius.com
Mon Feb 21 13:19:19 EST 2011
Jouni Malinen wrote:
> On Sat, Feb 19, 2011 at 01:16:42PM +0100, 1839 at uniurb.it wrote:
>> I asked about the below on Freeradius list. Looks like it's a NAS problem.
> Well, depends on who you ask... ;-) If you ask people working with the
> RADIUS server, they will likely point at the NAS and if you ask people
> who work with the NAS, they will likely point at the RADIUS server..
It's always the NAS at fault. :) But I'm biased.
> RFC 2865 does not require RADIUS client to copy the User-Name from
> Access-Accept to accounting messages (it is only a SHOULD, not MUST). As
> such, it may be safer to implement this type of accounting using other
> options available to the RADIUS server.
That will work.
>> Would I have better luck with hostap ?
> Yes, hostapd will update the User-Name based on Access-Accept message
> and then use the new value for accounting messages. Similarly, Class
> attribute(s) are copied to accounting messages.
That won't solve the problem that the NAS is a Mikrotik box. It's
easier just to run one RADIUS server, and do all of the magic there.
More information about the HostAP