On Sun, Feb 28, 2016 at 08:54:07PM +0200, Jouni Malinen wrote: > It would make sense to provide more guidance and recommendations on how > the nas_identifier should be set in most cases To get something into hostap.git, I'm planning on adding following: [PATCH] Document nas_identifier requirements for RADIUS accounting nas_identifier needs to be set to a unique value for RADIUS accounting to work properly. This needs to be unique for each BSS. Signed-off-by: Jouni Malinen <j@xxxxx> --- hostapd/hostapd.conf | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf index fbc71d3..3d5c5e2 100644 --- a/hostapd/hostapd.conf +++ b/hostapd/hostapd.conf 
@@ -909,11 +909,23 @@ eap_server=0 # The own IP address of the access point (used as NAS-IP-Address) own_ip_addr=127.0.0.1 -# Optional NAS-Identifier string for RADIUS messages. When used, this should be -# a unique to the NAS within the scope of the RADIUS server. For example, a -# fully qualified domain name can be used here. +# NAS-Identifier string for RADIUS messages. When used, this should be unique +# to the NAS within the scope of the RADIUS server. Please note that hostapd +# uses a separate RADIUS client for each BSS and as such, a unique +# nas_identifier value should be configured separately for each BSS. This is +# particularly important for cases where RADIUS accounting is used +# (Accounting-On/Off messages are interpreted as clearing all ongoing sessions +# and that may get interpreted as applying to all BSSes if the same +# NAS-Identifier value is used.) For example, a fully qualified domain name +# prefixed with a unique identifier of the BSS (e.g., BSSID) can be used here. +# # When using IEEE 802.11r, nas_identifier must be set and must be between 1 and # 48 octets long. +# +# It is mandatory to configure either own_ip_addr or nas_identifier to be +# compliant with the RADIUS protocol. When using RADIUS accounting, it is +# strongly recommended that nas_identifier is set to a unique value for each +# BSS. #nas_identifier=ap.example.com # RADIUS client forced local IP address for the access point -- 1.9.1 -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
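Review bot: The unchanged example at the end of the hunk, `#nas_identifier=ap.example.com`, no longer matches the new text above it, which recommends a fully qualified domain name prefixed with a unique identifier of the BSS (e.g., BSSID). Consider changing the sample value to that recommended form so that a copied configuration does not end up with the same NAS-Identifier on every BSS. The new comment could also point out that the prefixed value still has to fit the 1 to 48 octet limit stated for IEEE 802.11r, since a BSS prefix added to a long FQDN can exceed it. The strength of the requirement also differs between the commit message ("needs to be unique for each BSS") and the comment ("should be configured", "strongly recommended"), so it would help to settle on one wording. Finally, the parenthesised Accounting-On/Off remark opens mid-sentence but closes with the period inside the bracket; making it a sentence of its own would read more cleanly.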