Proxy Freeradius 3.0.11 remove Message-Authenticator

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Apr 8 15:07:01 CEST 2016


> On 8 Apr 2016, at 09:00, LABAT, Xavier <xavier.labat at axione.fr> wrote:
> 
> Hello,
> 
> We would like to upgrade our proxy RADIUS solution from Freeradius 2.2.6 to Freeradius 3.0.11. We collect and switch PPP authentication/accounting requests to our different customers.
> One of them reject all authentication request if they are sent with < Message-Authenticator > attribute. We would like to upgrade without asking any changes to our clients.
> We configure the home_server with option "require_message_authenticator = no" in proxy.conf but < Message-Authenticator > attribute is still present in the proxy request.
> 
> Alan DeKok said previously  :
> "> I believe Message-Authenticator is now always sent in 3.0, unconditionally.
>  Yes.  It's best to always send it.  It enables security and debugging checks that are otherwise not possible."
> 
> Even if it's recommanded, is it possible to remove < Message-Authenticator > attribute in the proxy request ?

You have access to the list of attributes used for the proxy request in the pre-proxy section.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160408/86b514c4/attachment.sig>


More information about the Freeradius-Users mailing list