aboutsummaryrefslogtreecommitdiffstats
path: root/hostapd
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2016-02-28 19:19:14 (GMT)
committerJouni Malinen <j@w1.fi>2016-02-28 19:19:14 (GMT)
commit251953bcb6f1503ce8bb2f1f57b2c2a44c601685 (patch)
treed3d2cd3d2e644b311fb938fc45e736afb3761875 /hostapd
parent902c07a7affcaa7cffaa0d624a4afc0e927e59a2 (diff)
downloadhostap-251953bcb6f1503ce8bb2f1f57b2c2a44c601685.zip
hostap-251953bcb6f1503ce8bb2f1f57b2c2a44c601685.tar.gz
hostap-251953bcb6f1503ce8bb2f1f57b2c2a44c601685.tar.bz2
Document nas_identifier requirements for RADIUS accounting
nas_identifier needs to be set to a unique value for RADIUS accounting to work properly. This needs to be unique for each BSS. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'hostapd')
-rw-r--r--hostapd/hostapd.conf18
1 files changed, 15 insertions, 3 deletions
diff --git a/hostapd/hostapd.conf b/hostapd/hostapd.conf
index fbc71d3..3d5c5e2 100644
--- a/hostapd/hostapd.conf
+++ b/hostapd/hostapd.conf
@@ -909,11 +909,23 @@ eap_server=0
# The own IP address of the access point (used as NAS-IP-Address)
own_ip_addr=127.0.0.1
-# Optional NAS-Identifier string for RADIUS messages. When used, this should be
-# a unique to the NAS within the scope of the RADIUS server. For example, a
-# fully qualified domain name can be used here.
+# NAS-Identifier string for RADIUS messages. When used, this should be unique
+# to the NAS within the scope of the RADIUS server. Please note that hostapd
+# uses a separate RADIUS client for each BSS and as such, a unique
+# nas_identifier value should be configured separately for each BSS. This is
+# particularly important for cases where RADIUS accounting is used
+# (Accounting-On/Off messages are interpreted as clearing all ongoing sessions
+# and that may get interpreted as applying to all BSSes if the same
+# NAS-Identifier value is used.) For example, a fully qualified domain name
+# prefixed with a unique identifier of the BSS (e.g., BSSID) can be used here.
+#
# When using IEEE 802.11r, nas_identifier must be set and must be between 1 and
# 48 octets long.
+#
+# It is mandatory to configure either own_ip_addr or nas_identifier to be
+# compliant with the RADIUS protocol. When using RADIUS accounting, it is
+# strongly recommended that nas_identifier is set to a unique value for each
+# BSS.
#nas_identifier=ap.example.com
# RADIUS client forced local IP address for the access point