On Thu, Nov 13, 2008 at 9:22 PM, <[EMAIL PROTECTED]> wrote: > http://freeradius.org/rfc/rfc2865.html#User-Name > > "It MAY be sent in an Access-Accept packet, in which case the > client SHOULD use the name returned in the Access-Accept packet in > all Accounting-Request packets for this session."
And which Access-Accept would this be referring to? The problem here is that there can be multiple authentication runs (re-authentication based on supplicant request or authenticator policy) and should the supplicant change its identity, the second Access-Accept is likely to have a different identity in that case. While it may be reasonable to arbitrarily decide to use User-Name (if present) from the first Access-Accept, it does not sound like that good of an idea for a RADIUS server to depend on this behavior based on current RADIUS RFCs. - Jouni - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
