FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ

yvsg.phanis at gmail.com yvsg.phanis at gmail.com
Mon Apr 15 02:08:21 CEST 2019


Hi Alan

Sure. Thanks for sharing the info that clients shouId include this attribute. I will check this RFC too. 

I think there are many RFCs based on users experiences with Radius deployments. Have to go through all of these. 

Best Regards 
Phani

Sent from my iPhone

> On Apr 14, 2019, at 4:52 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> 
> 
>> On Apr 14, 2019, at 7:43 PM, Phani Siriki <yvsg.phanis at gmail.com> wrote:
>> 
>> Hi Alan
>> 
>> Need some inputs on Message-Authenticator attribute. For PAP, Is it
>> recommended to send this attribute from NAS?
> 
>  RFC 5080 Section 2.2.2 (note the author) says:
> 
>   Client implementations SHOULD include a Message-Authenticator
>   attribute in every Access-Request to further help mitigate this
>   issue.
> 
>  Though vendors are well known for ignoring 10 year-old standards.
> 
>  Alan DeKok.
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list