Questions about 3.2.5 (BalstRADIUS)
Alan DeKok
aland at deployingradius.com
Tue Jul 16 15:44:57 UTC 2024
On Jul 16, 2024, at 3:25 AM, James Fan <polysorb at gmail.com> wrote:
> I upgraded to 3.2.5 and added the following configurations to the
> security section in the radius.conf.
>
> require_message_authenticator = yes
> limit_proxy_state = yes
That's good.
> I've noticed an unexpected behavior. When I send an access request without
> the Message-Authenticator but with the Proxy-State, I still get an access
> rejected response rather than the expected access discarded. Could you
> please clarify if this is the intended behavior?
>
> I am using the dynamic clients. Does that override the client configs? I
> don't add the &FreeRADIUS-Client-Require-MA setting.
For now, you will need to add a &FreeRADIUS-Client-Require-MA attribute for dynamic clients.
I'll double-check that for a future 3.2.6 release.
Alan DeKok.
More information about the Freeradius-Users
mailing list