Mojo Jojo wrote:
At this time, the request are authed regardless of the username or
password but they are authed regardless of the client or secret.
Not possible.
You are correct..
Let me re-phrase after doing a little more testing...
At this time I have an "AuthAll" setup working and it only works for
request that come from IPs with belong to clients defined in the
clients.conf file.
But...
I have confirmed 100% that the secret on defined in those clients is
totally ignored in this situation.
So, I can attempt to login from a defined client using any secret and
they all work as long as the request is coming from an IP belonging to a
client defined in the clients.conf file.
I don't care if the secret is ignored personally, just thought some of
you folks might want to know. As long as the request are only honored
from authorized IPs this is good enough for the application I am using
it for.
If you look at the way the secret is used you'll find that your use of
auth-type := accept makes it irrelevant.
--
Lewis Bergman
Texas Communications
4309 Maple St.
Abilene, TX 79602-8044
Off. 325-691-1301
Cell 325-439-0533
fax 325-695-6841
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
