Hello Phil I guess we don't need a per NAS secret but thought it might help block any customers we don't need. We have a load of wifi hotspots on dynamic ips. We know all their nas ids, but not their ip addresses. That's the main reason for it. I guess the other way would be to use hunt groups or a network id to allow / disallow clients instead of worrying about the nas? J On 24 Oct 2011, at 20:42, Phil Mayers [via FreeRadius] wrote:
On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:
The ultimate intention was to use the mac address of the nas and a nas specific shared secret.
Do you really need a per-NAS secret?
In your opinion, are there better ways to deal with dynamic clients?
"It depends". Can you describe your setup in any detail?
If you've got untrusted clients on IP addresses you don't control and can't know ahead of time, then it's really hard. The best solution is "don't do that".
If your NAS and network topology support it, things like VPN tunnels from NAS->radius server with IP assignment might be one option. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Stati... To unsubscribe from Authorising Clients by Calling Station ID Not IP, click here.
-- View this message in context: http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Stati... Sent from the FreeRadius - User mailing list archive at Nabble.com.