Proxy Freeradius 3.0.11 remove Message-Authenticator

LABAT, Xavier xavier.labat at axione.fr
Fri Apr 8 15:00:35 CEST 2016


Hello,

We would like to upgrade our proxy RADIUS solution from Freeradius 2.2.6 to Freeradius 3.0.11. We collect and switch PPP authentication/accounting requests to our different customers.
One of them reject all authentication request if they are sent with < Message-Authenticator > attribute. We would like to upgrade without asking any changes to our clients.
We configure the home_server with option "require_message_authenticator = no" in proxy.conf but < Message-Authenticator > attribute is still present in the proxy request.

Alan DeKok said previously  :
"> I believe Message-Authenticator is now always sent in 3.0, unconditionally.
  Yes.  It's best to always send it.  It enables security and debugging checks that are otherwise not possible."

Even if it's recommanded, is it possible to remove < Message-Authenticator > attribute in the proxy request ?

Regards.
Xavier
--
Les donnees et renseignements contenus dans ce message sont personnels, confidentiels et secrets. Toute publication, utilisation ou diffusion, meme partielle, doit etre autorisee. Si vous n'etes pas le bon destinataire, nous vous demandons de ne pas lire, copier, utiliser ou divulguer cette communication. Nous vous prions de notifier cette erreur a l'expediteur et d'effacer immediatement cette communication de votre systeme.

Any data and information contained in this electronic mail is personal, confidential and secret. Any total or partial publication, use or distribution must be authorized. If you are not the right addressee, we ask you not to read, copy, use or disclose this communication. Please notify this error to the sender and erase at once this communication from your system.



More information about the Freeradius-Users mailing list