"PS" <[EMAIL PROTECTED]> wrote: > ... if a nas sends invalid shared secret I still get it's access > request packet processed, but only the User-Password is modified > (with trash).
That's the way RADIUS works. > As I found out, there is no such problem for accounting packets - > they are automatically rejected. That's the way RADIUS works. > Can I make freeradius reject (or even better leave without a > responce) registration packets that do not come from specified ip > address and don't have correct shared secret? You can filter by IP, but not by incorrec shared secret. There is *nothing* in the protocol for Access-Requests that would let you discover that the shared secret is wrong. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html