Hello Rob -
I suppose you could configure your NAS equipment with both a primary and a
secondary Radius server, and use different secrets on the two servers. I'm not
sure that the resulting potential confusion would be worth it though.
regards
Hugh
On Mon, 07 Aug 2000, rob wrote:
> > > I need to accept authentication from clients with 2 different secrets.
> > > Can a client have more than one secret? when i list the same ip twice
> > with 2
> > > different secrets the packets donot get forwarded back to the nas
> > correctly.
> > > Another option would be setting up each realm with their own clients list
> > > they would all be the same ip's but with diferent secrets?
> > >
> >
> >I have never heard of such a thing. As you have discovered, Radiator only
> >allows one secret per client. Can you give me a little more detail on why
> >these
> >devices require two secrets? I suppose my first inclination would be to make
> >both client secrets the same. Otherwise, if you can configure different target
> >IP addresses and/or port numbers for the two parts of the client, then you
> >could run two instances of Radiator, each with the corresponding secret.
>
> Hi Guys,
> Hope you don't mind me jumping in here..
>
> I've been wondering the same question too.
>
> The reason is for basic security. As our company has a large number of
> routers (4,000 or so), it would be 'A good thing' to periodically (once or
> twice a year) change the radius keys. The problem is, your Radiator config
> file would bloat out to several thousand lines extra with all of the
> <Client xxx.xxx.xxx.xxx> statements for each client with the updated Radius
> key to override the <Client DEFAULT> key..
>
> The radius keys would eventually be moved back to a single key, but it
> would be great to have a fallback to the older key for routers that may
> have been un-contactable, or for some reason re-loaded with an older
> configuration with the older radius key (believe me, it happens :( )
>
> Regards,
> Robert Moss.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
