On Sun, Feb 28, 2016 at 07:27:44PM +0000, Nick Lowe wrote:
> Not to put words in his mouth, I am sure Alan will say and agree that
> hostapd should -never- be in the position that it does not send a
> NAS-Identifier. Alan?

Wouldn't RADIUS server be able to use NAS-IP-Address for the case where
there is only a single BSS per IP address? Sure, that is a subset of all
possibilities, but I'd assume this was quite a bit more common case at
the early days of RADIUS..

> It is mandatory from the perspective that RADIUS doesn't work reliably
> where this is omitted, nor that it is mandatory in the RFC.

When you say "RADIUS" here, do you really include authentication in
that? I can see the issue related to Accounting-On/Off for RADIUS
accounting, but use of NAS-Identifier seems quite a bit less important
for RADIUS authentication.

> I do think that it is hostapd that should enforce that multiple BSSes
> are not being accounted with, where Accounting-On/Accounting-Off are
> being sent, with the same or no NAS-Identifier. That is the problem
> that we need to solve. Pushing that bad elsewhere seems a mistake to
> me. We won't actually see the problem being resolved.

A single hostapd process cannot enforce this in cases where multiple
hostapd processes are used on the same AP device (one hostapd process
per virtual BSS) and there are such AP designs out there..

That said, I think I would be fine with hostapd not sending out
Accounting-On/Off for a BSS that does not have nas_identifier configured
(which you asked in another email after this). It might be fine to
filter out "duplicated" Accounting-On/Off messages also in cases where
the same nas_identifier has been configured for multiple BSSes. Though,
this is getting somewhat complex and potentially confusing since the
start and stop times and sequences may be different and the
Accounting-On and Accounting-Off messages may not actually be for the
same BSS if BSS0 is started first, BSS1 after it, followed by stopping
BSS0 and finally BSS1. That could send out Accounting-On with BSS0
information and Accounting-Off with BSS1 information. Sure,
NAS-Identifier would be same, but other information in the messages
might point to different BSSID and SSID value (Called-Station-Id). This
might be fine for the case where all BSSes are created at the same time
(e.g., hostapd process start) and terminated at the same time (e.g.,
hostapd process end), but it gets problematic with dynamic BSS
addition/removal.

--
Jouni Malinen                                            PGP id EFC895FA
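
The BSS0/BSS1 ordering described in the last paragraph above, modelled as an added example (not hostapd code and not part of the original message): a hypothetical per-NAS-Identifier reference count suppresses duplicate Accounting-On/Off, and the pair that survives names two different BSSes. The names `nas_ref`, `lookup` and `bss_event` and the Called-Station-Id values are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical model, not hostapd code: one reference count per
 * NAS-Identifier filters duplicate Accounting-On/Off across BSSes. */
struct nas_ref {
    char nas_id[32];
    int refs;            /* BSSes currently up with this identifier */
    char on_csid[48];    /* Called-Station-Id carried by Accounting-On */
    char off_csid[48];   /* Called-Station-Id carried by Accounting-Off */
};
static struct nas_ref table[8];

/* Slots fill in order and are never freed, so the first empty slot is
 * reached only after every used slot failed to match. */
static struct nas_ref *lookup(const char *id)
{
    for (int i = 0; i < 8; i++) {
        if (!table[i].nas_id[0])
            snprintf(table[i].nas_id, sizeof(table[i].nas_id), "%s", id);
        if (strcmp(table[i].nas_id, id) == 0)
            return &table[i];
    }
    return NULL;
}

/* Returns 1 if Accounting-On (up=1) or Accounting-Off (up=0) would be sent
 * for this BSS event, 0 if it is suppressed. */
int bss_event(const char *nas_id, const char *csid, int up)
{
    struct nas_ref *r = (nas_id && nas_id[0]) ? lookup(nas_id) : NULL;
    if (!r)                        /* no nas_identifier configured */
        return 0;
    if (up ? r->refs++ > 0 : (r->refs == 0 || --r->refs > 0))
        return 0;                  /* another BSS shares the identifier */
    snprintf(up ? r->on_csid : r->off_csid, sizeof(r->on_csid), "%s", csid);
    return 1;
}

int main(void)
{
    /* Constructed values: BSS0 up, BSS1 up, BSS0 down, BSS1 down. */
    bss_event("ap1", "02-00-00-00-00-00:ssid0", 1);
    bss_event("ap1", "02-00-00-00-00-01:ssid1", 1);
    bss_event("ap1", "02-00-00-00-00-00:ssid0", 0);
    bss_event("ap1", "02-00-00-00-00-01:ssid1", 0);
    printf("On:  %s\nOff: %s\n", table[0].on_csid, table[0].off_csid);
    return 0;
}
```

The count lives in one process, so it cannot cover the one-hostapd-process-per-BSS designs mentioned in the message.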