incorrect shared secret entry authenticates successfully for freerradius
Phil Mayers
p.mayers at imperial.ac.uk
Tue Mar 18 17:54:48 CET 2008
Alan DeKok wrote:
> Phil Mayers wrote:
>> If your NAS supply Message-Authenticator, you could refuse packets
>> without one:
>
> Edit the "client" section and set "require_message_authenticator = yes".
Ah thanks - I didn't know about that
>
> The recommendations of RFC 5080 have been implemented in FreeRADIUS.
> Sometimes years before any other RADIUS server.
>
> Apparently Radiator didn't do duplicate detection until RFC 5080...
> see their changelog for the 4.x series.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list