Hello Phil<div><br></div><div>I guess we don't need a per NAS secret but thought it might help block any customers we don't need.</div><div><br></div><div>We have a load of wifi hotspots on dynamic ips. We know all their nas ids, but not their ip addresses. That's the main reason for it. I guess the other way would be to use hunt groups or a network id to allow / disallow clients instead of worrying about the nas?</div><div><br></div><div>J</div><div><br></div><div><div><div>On 24 Oct 2011, at 20:42, Phil Mayers [via FreeRadius] wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite">
On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:
<br><br>> The ultimate intention was to use the mac address of the nas and a nas
<br>> specific shared secret.
<br><br>Do you really need a per-NAS secret?
<br><br>>
<br>> In your opinion, are there better ways to deal with dynamic clients?
<br><br>"It depends". Can you describe your setup in any detail?
<br><br>If you've got untrusted clients on IP addresses you don't control and
<br>can't know ahead of time, then it's really hard. The best solution is
<br>"don't do that".
<br><br>If your NAS and network topology support it, things like VPN tunnels
<br>from NAS->radius server with IP assignment might be one option.
<br>-
<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_top" rel="nofollow" link="external">http://www.freeradius.org/list/users.html</a><br>
<br>
<br>
<hr noshade="noshade" size="1" color="#cccccc">
<div style="color:#444; font: 12px tahoma,geneva,helvetica,arial,sans-serif;">
<div style="font-weight:bold">If you reply to this email, your message will be added to the discussion below:</div>
<a href="http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933898.html" target="_top" rel="nofollow" link="external">http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933898.html</a>
</div>
<div style="color:#666; font: 11px tahoma,geneva,helvetica,arial,sans-serif;margin-top:.4em">
To unsubscribe from Authorising Clients by Calling Station ID Not IP, <a href="" target="_top" rel="nofollow" link="external">click here</a>.
</div></blockquote></div><br></div>
<br/><hr align="left" width="300" />
View this message in context: <a href="http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933910.html">Re: Authorising Clients by Calling Station ID Not IP</a><br/>
Sent from the <a href="http://freeradius.1045715.n5.nabble.com/FreeRadius-User-f2740693.html">FreeRadius - User mailing list archive</a> at Nabble.com.<br/>