incorrect shared secret entry authenticates successfully for freerradius

Phil Mayers p.mayers at imperial.ac.uk
Tue Mar 18 17:54:48 CET 2008


Alan DeKok wrote:
> Phil Mayers wrote:
>> If your NAS supply Message-Authenticator, you could refuse packets
>> without one:
> 
>   Edit the "client" section and set "require_message_authenticator = yes".

Ah thanks - I didn't know about that

> 
>   The recommendations of RFC 5080 have been implemented in FreeRADIUS.
> Sometimes years before any other RADIUS server.
> 
>   Apparently Radiator didn't do duplicate detection until RFC 5080...
> see their changelog for the 4.x series.
> 
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list