Auth All but only for those in my clients.conf
Lewis Bergman
lbergman at wtxs.net
Sun Dec 18 09:05:08 CET 2005
Mojo Jojo wrote:
>>> At this time, the request are authed regardless of the username or
>>> password but they are authed regardless of the client or secret.
>>
>>
>> Not possible.
>
>
> You are correct..
>
> Let me re-phrase after doing a little more testing...
>
> At this time I have an "AuthAll" setup working and it only works for
> request that come from IPs with belong to clients defined in the
> clients.conf file.
>
> But...
>
> I have confirmed 100% that the secret on defined in those clients is
> totally ignored in this situation.
>
> So, I can attempt to login from a defined client using any secret and
> they all work as long as the request is coming from an IP belonging to a
> client defined in the clients.conf file.
>
> I don't care if the secret is ignored personally, just thought some of
> you folks might want to know. As long as the request are only honored
> from authorized IPs this is good enough for the application I am using
> it for.
>
If you look at the way the secret is used you'll find that your use of
auth-type := accept makes it irrelevant.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
More information about the Freeradius-Users
mailing list