Freeradius-Users Digest, Vol 25, Issue 140
tnt at kalik.co.yu
Wed May 30 14:56:14 CEST 2007
If you make a very secure and long shared secret and plan to change it
from time to time you should get away with it.
Ivan Kalik
Kalik Informatika ISP
On 30/5/2007, "Mati Katz" <matikatz at gmail.com> wrote:
>>
>> >The simple answer is don't use dynamic hosts.
>>
>> >FreeRADIUS reads the clients file once at startup, resolves the IPs and
>> >then stores those. It won't know about the new IP until the daemon is
>> >restarted (or in theory HUP'ed when that is fixed).
>>
>> >If you must use dynamic hosts, then you will need to specify an IP range
>> >like this:
>>
>> >client 192.168.0.0/24 {
>> > secret = testing123-1
>> > shortname = private-network-1
>> >}
>>
>> >That would allow a NAS to have any of 254 different IPs and still be
>> >able to talk to FreeRADIUS. It would also allow anyone else on those
>> >IPs who wants to talk to your NAS and can figure out the secret to
>> >potentially do naughty things.
>
>
> Thanks Dennis, I understand what you say, but I thought that there is a
>way to use dynamic DNS because not all people have a static IP, here in
>Israel at least.
>I understand that using a range of IPs is not secure, isn't it?
>
>
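
A way to audit the trade-off discussed in this thread, as an added example that is not part of the original messages and not FreeRADIUS code: it parses clients-file-style blocks and flags range clients, hostname clients and weak secrets. The 16-character minimum, the weak-value list and the two sample clients other than the quoted /24 block are assumptions made for the example.

```python
import ipaddress
import re

# Assumed policy values for this example, not FreeRADIUS defaults.
MIN_SECRET_LEN = 16
WEAK_MARKERS = ("testing123",)

CLIENT_RE = re.compile(r"client\s+(\S+)\s*\{(.*?)\}", re.S)
ITEM_RE = re.compile(r"^\s*(\w+)\s*=\s*(\S+)\s*$", re.M)

# Constructed sample: the /24 block quoted in the thread plus two invented clients.
SAMPLE = """
client 192.168.0.0/24 {
    secret = testing123-1
    shortname = private-network-1
}
client 10.1.2.3 {
    secret = q7Vh2mXc9LrT4pZs8NwKd3Fy
    shortname = static-nas
}
client nas.example.org {
    secret = Zk4Tq9Lw2Xn7Vb5Rc8Hm3Pd6
    shortname = dyn-nas
}
"""

def audit_clients(text):
    """Return [(shortname, [findings])] for every client block in text."""
    report = []
    for name, body in CLIENT_RE.findall(text):
        items = dict(ITEM_RE.findall(body))
        findings = []
        try:
            net = ipaddress.ip_network(name, strict=False)
            if net.num_addresses > 1:
                findings.append(f"range client /{net.prefixlen}: every address in the range is accepted with this secret")
        except ValueError:
            findings.append("hostname client: only resolved when the clients file is read at startup")
        secret = items.get("secret", "")
        if len(secret) < MIN_SECRET_LEN:
            findings.append(f"secret shorter than {MIN_SECRET_LEN} characters")
        if any(marker in secret.lower() for marker in WEAK_MARKERS):
            findings.append("secret contains a well-known sample value")
        report.append((items.get("shortname", name), findings))
    return report

if __name__ == "__main__":
    for shortname, findings in audit_clients(SAMPLE):
        print(shortname, "->", findings or "ok")
```
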