> An approach could be to allow 0.0.0.0/0 in clients.conf and then have a > rlm_python module validate the client, returning RLM_MODULE_FAIL for > packets coming from an unknown nas. In my understanding, this should > make freeradius silently drop the requests rather than replying with a > reject.
I would not recommend doing that. And for things like EAP, it won't work, because the shared secret must be available before the modules are called. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html