On 16.9.2024 11.34, Patrik Forsberg wrote:
So I was finally able to try this.. and it didn’t work out of the box.. I had to add a “StripFromReply Message-Authenticator” too .. otherwise it added the Message-Authenticator anyway..
Yes, if you're e.g., proxying, then StripFromReply within AuthBy RADIUS or CLient is needed in addition to the hook. The hook should be enough when the reply is directly generated by Radiator.
But yes it fixed the issue with the device I had problems with..
That's interesting. It's also a bit of a concern because it removes the mitigation against Blast-RADIUS. Messsage-Authenticator has been around for a long time and even if they don't require it, it would be good if they would somehow recognise (or better verify) it, instead of of discarding the reply.
If you can reply with information about the vendor, please let me know. Thanks, Heikki -- Heikki Vatiainen Radiator Software, makers of Radiator Visit radiatorsoftware.com for Radiator AAA server software _______________________________________________ radiator mailing list [email protected] https://lists.open.com.au/mailman/listinfo/radiator
