Problem with Cisco WLC probes in FR 2.2.1
A.L.M.Buxey at lboro.ac.uk
Mon Oct 7 09:40:15 CEST 2013
Hi,
> > if (Service-Type == "NAS-Prompt-User") {
> >     if (NAS-IP-Address =~ /^172\.17\.107\./) {
> >         if (User-Name =~ /^wisms\-testing/) {
> >             update control {
> >                 Auth-Type := Accept
> >             }
Ouch, do you realise how dangerous that is? There
should be no need to send an access accept packet back
to these probes - a reject should suffice - and that would stop
an end user subverting your system by simply using
that UserName (if they are using wpa_supplicant they could
add that NAS-Prompt-User attribute).
alan
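
Added example, not part of the original post: the quoted rule with the reply's suggestion applied, so the probe is answered with a reject instead of an accept. It assumes the rule sits in the authorize section of the virtual server; the matching conditions are the ones quoted above.

```unlang
# authorize section (assumed placement; the post does not say where the rule lives)

# Before (the quoted rule): a request matching these conditions was
# accepted without any credential check:
#
#     update control {
#         Auth-Type := Accept
#     }
#
# After: same conditions, but the probe gets an Access-Reject.
# A reject is still a reply to the probe, and matching this rule
# no longer grants access to whoever sends that User-Name.
if (Service-Type == "NAS-Prompt-User") {
    if (NAS-IP-Address =~ /^172\.17\.107\./) {
        if (User-Name =~ /^wisms\-testing/) {
            update control {
                Auth-Type := Reject
            }
        }
    }
}
```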