FreeRadius sends Access-Reject for MAC-AUTH, if shared secret on NAS and server differ
yvsg.phanis at gmail.com
yvsg.phanis at gmail.com
Mon Apr 15 02:08:21 CEST 2019
Hi Alan
Sure. Thanks for sharing the info that clients shouId include this attribute. I will check this RFC too.
I think there are many RFCs based on users experiences with Radius deployments. Have to go through all of these.
Best Regards
Phani
Sent from my iPhone
> On Apr 14, 2019, at 4:52 PM, Alan DeKok <aland at deployingradius.com> wrote:
>
>
>
>> On Apr 14, 2019, at 7:43 PM, Phani Siriki <yvsg.phanis at gmail.com> wrote:
>>
>> Hi Alan
>>
>> Need some inputs on Message-Authenticator attribute. For PAP, Is it
>> recommended to send this attribute from NAS?
>
> RFC 5080 Section 2.2.2 (note the author) says:
>
> Client implementations SHOULD include a Message-Authenticator
> attribute in every Access-Request to further help mitigate this
> issue.
>
> Though vendors are well known for ignoring 10 year-old standards.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list