Proxy Freeradius 3.0.11 remove Message-Authenticator

[LABAT, Xavier]

Thanks for your answers, it work perfectly like this :
pre-proxy {
        update proxy-request {
                Message-Authenticator !* ANY
        }
}

That's what I tried but badly :
pre-proxy {
        update request {
                Message-Authenticator -= "%{request:Message-Authenticator}"
        }

Thanks for your help.

Regards.
Xavier


-----Message d'origine-----
De : Freeradius-Users [mailto:freeradius-users-bounces+xavier.labat=axione.fr at lists.freeradius.org] De la part de Alan DeKok
Envoyé : vendredi 8 avril 2016 15:09
À : FreeRadius users mailing list
Objet : Re: Proxy Freeradius 3.0.11 remove Message-Authenticator

On Apr 8, 2016, at 9:00 AM, LABAT, Xavier <xavier.labat at axione.fr> wrote:
> We would like to upgrade our proxy RADIUS solution from Freeradius 2.2.6 to Freeradius 3.0.11. We collect and switch PPP authentication/accounting requests to our different customers.
> One of them reject all authentication request if they are sent with < Message-Authenticator > attribute. We would like to upgrade without asking any changes to our clients.

  Message-Authenticator was standardized in the year 2000.  If the customers can't support that, they have serious problems.

  But I think I know who the customer is.  And... they should upgrade to a modern RADIUS server.

> We configure the home_server with option "require_message_authenticator = no" in proxy.conf but < Message-Authenticator > attribute is still present in the proxy request.

  Yes.  That option was removed in 3.0.

> Even if it's recommanded, is it possible to remove < Message-Authenticator > attribute in the proxy request ?

  That's what the pre-proxy section is for:

pre-proxy {
	...
	update proxy {
		Message-Authenticator !* ANY
	}
	...
}

  And tell the customer to upgrade to a RADIUS server which has been written in the last 20 years.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-------------- next part --------------
--
Les donnees et renseignements contenus dans ce message sont personnels, confidentiels et secrets. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee. Si vous n'etes pas le bon destinataire, nous vous demandons de ne pas lire, copier, utiliser ou divulguer cette communication. Nous vous prions de notifier cette erreur a l'expediteur et d'effacer immediatement cette communication de votre systeme.

Any data and information contained in this electronic mail is personal, confidential and secret. Any total or partial publication, use or distribution must be authorized. If you are not the right addressee, we ask you not to read, copy, use or disclose this communication. Please notify this error to the sender and erase at once this communication from your system.