You want to allow any client that matches what is in the clients.conf file in, correct?
Well, sort of.. I want to allow any authentication request which comes in from a client which is contained in the clients.conf file.
The secret in your clients.conf file is used to encrypt and sign packets between the clients and the server. It is not used for authentication.
Based on what you mention here and what someone else on the list mentioned earlier, I think the reason the secret is ignored is because it is used to encrypt the auth info which is basically non existant in an Auth All situation.
Am I getting this correct now?
Have you tried adding the IPs to some type of backend? For example, if you used the users file and huntgroups file. In huntgroups. allow Client-IP-Address == 1.1.1.1 allow Client-IP-Address == 1.1.1.2 allow Client-IP-Address == 1.1.1.3 Then in users file DEFAULT Huntgroup-Name == allow, Auth-Type := Accept DEFAULT Auth-Type := Reject
Well, I don't understand the huntgroups and all just yet, I am new to FreeRadius (not to Radius in general, just FreeRadius). So, will this fix my issue where only CHAP request are rejected? I am only having trouble with CHAP request at this time, all other request from allowed clients in the clients.conf file are getting an Accept back just as I want.
Since we use Qwest dialup as one of our wholesale solutions, they send CHAP and these are getting rejected still, all other vendors are working fine.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
