With the recent changes to hostapd, the number of outstanding RADIUS issues that I have observed is significantly diminished! Hurrah! :-) I think that we now ought to consider: 1) Ensuring that only DHCP-snooped information is used to populate the value of the Framed-IP-Address attribute in RADIUS accounting so that the value accounted with is more reliable and better protected against spoofing. 2) Implementing an asynchronous Interim-Update when the IP address becomes known or changes. Otherwise the interval has to be waited out before the client's address becomes known, which breaks SSO systems that depend on this value. For context and to understand why this is necessary, I suggest referring to the following thread: https://community.aerohive.com/aerohive/topics/use_the_framed_ip_address_avp_containing_a_clients_ip_address_correctly_in_radius_accounting Other aspects I think still should be looked at is: 3) Making NAS-Port contain the ifindex rather than the aid, which will nearly always be 0. 4) Adding support for the NAS-Port-Id attribute and making this contain the ifname. Both the NAS-Port and NAS-Port-Id can be sent. This is perfectly legal and good practice. -or- 5) Removing the NAS-Port attribute so that it doesn't always contain a value of 0 and then don't add support for the NAS-Port-Id attribute. Cheers, Nick _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
