"Alan DeKok" <[EMAIL PROTECTED]> writes: > Ted Cabeen <[EMAIL PROTECTED]> wrote: >> Looking at the code, I just noticed that >> radutmp is also always trusted when the request comes from an unknown >> NAS, which happens as well/ > > Hmm... the more I look at that code, the more I think it's wrong. > > The current code tries to poke the NAS, even if the request came > through a proxy server. This is very, very, wrong. It should *never* > do that. > > Instead, it should default to using the NAS type of the proxying > server, which can be listed as "other" (fail-reject), or a new > "fail-ok", as I suggested.
Defaulting to the NAS type of the proxying server is a fine solution. I look forward to in a future release. For now, I'll just change the source. Thanks for working through this with me. I'm sorry I couldn't explain my issues perfectly clearly from the beginning. Thanks! -- Ted Cabeen http://www.pobox.com/~secabeen [EMAIL PROTECTED] Check Website or Keyserver for PGP/GPG Key BA0349D2 [EMAIL PROTECTED] "I have taken all knowledge to be my province." -F. Bacon [EMAIL PROTECTED] "Human kind cannot bear very much reality."-T.S.Eliot [EMAIL PROTECTED] - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
