Proxy Freeradius 3.0.11 remove Message-Authenticator
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Fri Apr 8 15:07:01 CEST 2016
> On 8 Apr 2016, at 09:00, LABAT, Xavier <xavier.labat at axione.fr> wrote:
>
> Hello,
>
> We would like to upgrade our proxy RADIUS solution from Freeradius 2.2.6 to Freeradius 3.0.11. We collect and switch PPP authentication/accounting requests to our different customers.
> One of them reject all authentication request if they are sent with < Message-Authenticator > attribute. We would like to upgrade without asking any changes to our clients.
> We configure the home_server with option "require_message_authenticator = no" in proxy.conf but < Message-Authenticator > attribute is still present in the proxy request.
>
> Alan DeKok said previously :
> "> I believe Message-Authenticator is now always sent in 3.0, unconditionally.
> Yes. It's best to always send it. It enables security and debugging checks that are otherwise not possible."
>
> Even if it's recommanded, is it possible to remove < Message-Authenticator > attribute in the proxy request ?
You have access to the list of attributes used for the proxy request in the pre-proxy section.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160408/86b514c4/attachment.sig>
More information about the Freeradius-Users
mailing list