incorrect shared secret entry authenticates successfully for freerradius
Alan DeKok
aland at deployingradius.com
Tue Mar 18 15:06:19 CET 2008
Phil Mayers wrote:
> If your NAS supply Message-Authenticator, you could refuse packets
> without one:
Edit the "client" section and set "require_message_authenticator = yes".
The recommendations of RFC 5080 have been implemented in FreeRADIUS.
Sometimes years before any other RADIUS server.
Apparently Radiator didn't do duplicate detection until RFC 5080...
see their changelog for the 4.x series.
Alan DeKok.
More information about the Freeradius-Users
mailing list