On 11.9.2024 14.00, Patrik Forsberg wrote:
Follow up question on this .. is there a way to disable sending the
Message-Authenticator attribute ? .. I know I know but I think I ran into a
device that actually _hate_ this attribute for some weird reason.. at least it
worked prior to upgrading and now it doesn't .. so at least to exclude this
possibility it would be good to be able to remove it without degrading
Radiator..
See if this works:
<Client 127.0.0.1>
Identifier loopback-client
Secret mysecret
</Client>
<Handler>
<AuthBy FILE>
Filename %D/users
</AuthBy>
PostAuthHook sub { my $p = ${$_[0]}; \
$p->{rp}->{skip_message_authenticator} = 1 \
if $p->{Client}->{Identifier} eq 'loopback-client'; }
</Handler>
The idea is to see if the request was received from a problematic
client. If it was, then the reply is tagged with a special flag that
suppresses Message-Authenticator. This is sometimes needed for odd
Radius dynauth servers etc. This flag should be considered an internal
flag and if the need for a configuration option arises then we can
consider it. However, it should allow you to check if it makes the
client work again.
Please let me know if you can tell what's the device in question.
Thanks,
Heikki
--
Heikki Vatiainen
Radiator Software, makers of Radiator
Visit radiatorsoftware.com for Radiator AAA server software
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
