Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client to test: NTRadPing 1.5
Steps undertaken:
- Installed a fresh system with rhel4_u5_i386
- Build and compile freeradius 1.1.7 on it.
- Update the clients.conf file to add the client entries
[EMAIL PROTECTED] wrote:
Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client to test: NTRadPing 1.5
Steps undertaken:
- Installed a fresh system with rhel4_u5_i386
- Build and compile freeradius 1.1.7 on it.
- Update the clients.conf
[EMAIL PROTECTED] wrote:
- However when the same cases are tried for CHAP we can see the
difference. In the first case the authentication is successful; however
when we give a junk shared secret the authentication should ideally have
been rejected.
The key word is ideally. RADIUS isn't
Phil Mayers wrote:
If your NAS supply Message-Authenticator, you could refuse packets
without one:
Edit the client section and set require_message_authenticator = yes.
The recommendations of RFC 5080 have been implemented in FreeRADIUS.
Sometimes years before any other RADIUS server.
Alan DeKok wrote:
Phil Mayers wrote:
If your NAS supply Message-Authenticator, you could refuse packets
without one:
Edit the client section and set require_message_authenticator = yes.
Ah thanks - I didn't know about that
The recommendations of RFC 5080 have been implemented in
5 matches
Mail list logo