Not responding when a user is unknown
Phil Mayers
p.mayers at imperial.ac.uk
Tue Jul 10 16:14:56 CEST 2012
On 10/07/12 14:56, perl-list wrote:
> So basically, is there a setting that causes the FreeRADIUS server to
> not respond to Access-Request packets if the username contained there-in
> is not found in whatever database it is using?
If you're running a recent version of the server, and you configure it
that way, it can to that. See the "do_not_respond" policy in "policy.conf".
This is usually a bad idea unless you have a very good understanding of
what you want to achieve.
It's a particularly bad idea if you do it on some usernames and not
others, as downstream clients (NAS or proxy clients) will mark the
server dead based on untrusted input (the username).
More information about the Freeradius-Users
mailing list