Re: [PATCH v4] Define and implement a nas-identifier-use-bssid config option

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Feb 28, 2016 at 08:54:07PM +0200, Jouni Malinen wrote:
> It would make sense to provide more guidance and recommendations on how
> the nas_identifier should be set in most cases

To get something into hostap.git, I'm planning on adding following:

[PATCH] Document nas_identifier requirements for RADIUS accounting

nas_identifier needs to be set to a unique value for RADIUS accounting
to work properly. This needs to be unique for each BSS.

Signed-off-by: Jouni Malinen <j@xxxxx>
---
 hostapd/hostapd.conf | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index fbc71d3..3d5c5e2 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -909,11 +909,23 @@ eap_server=0
 # The own IP address of the access point (used as NAS-IP-Address)
 own_ip_addr=127.0.0.1
 
-# Optional NAS-Identifier string for RADIUS messages. When used, this should be
-# a unique to the NAS within the scope of the RADIUS server. For example, a
-# fully qualified domain name can be used here.
+# NAS-Identifier string for RADIUS messages. When used, this should be unique
+# to the NAS within the scope of the RADIUS server. Please note that hostapd
+# uses a separate RADIUS client for each BSS and as such, a unique
+# nas_identifier value should be configured separately for each BSS. This is
+# particularly important for cases where RADIUS accounting is used
+# (Accounting-On/Off messages are interpreted as clearing all ongoing sessions
+# and that may get interpreted as applying to all BSSes if the same
+# NAS-Identifier value is used.) For example, a fully qualified domain name
+# prefixed with a unique identifier of the BSS (e.g., BSSID) can be used here.
+#
 # When using IEEE 802.11r, nas_identifier must be set and must be between 1 and
 # 48 octets long.
+#
+# It is mandatory to configure either own_ip_addr or nas_identifier to be
+# compliant with the RADIUS protocol. When using RADIUS accounting, it is
+# strongly recommended that nas_identifier is set to a unique value for each
+# BSS.
 #nas_identifier=ap.example.com
 
 # RADIUS client forced local IP address for the access point
-- 
1.9.1


-- 
Jouni Malinen                                            PGP id EFC895FA

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux