FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ
Alan DeKok
aland at deployingradius.com
Mon Apr 15 01:52:47 CEST 2019
> On Apr 14, 2019, at 7:43 PM, Phani Siriki <yvsg.phanis at gmail.com> wrote:
>
> Hi Alan
>
> Need some inputs on Message-Authenticator attribute. For PAP, Is it
> recommended to send this attribute from NAS?
RFC 5080 Section 2.2.2 (note the author) says:
Client implementations SHOULD include a Message-Authenticator
attribute in every Access-Request to further help mitigate this
issue.
Though vendors are well known for ignoring 10 year-old standards.
Alan DeKok.
More information about the Freeradius-Users
mailing list