sophana <[EMAIL PROTECTED]> wrote: > Both the Access Request and Accounting Request MUST have the > NAS-IP-Address > <http://www.freeradius.org/rfc/rfc2865.html#NAS-IP-Address> attribute or > a NAS-Identifier > <http://www.freeradius.org/rfc/rfc2865.html#NAS-Identifier> attribute > (or both). > Does this mean that ALL packets sent from client contains at least one > of these 2 attributes?
Yes. > So does this mean that the radius server could lookup in its database a > secret according to one of these attributes instead of the ip address? In theory, yes. In practice, this permits additional attacks that can compromise your server. Please read clients.conf, and implement my suggestion for using shared secrets for an entire network. It's by far and away the best choice. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
