If you make a very secure and long shared secret and plan to change it
from time to time you should get away with it.
Ivan Kalik
Kalik Informatika ISP
Dana 30/5/2007, "Mati Katz" <[EMAIL PROTECTED]> piše:
>>
>>
>>
>> >The simple answer is don't use dynamic hosts.
>>
>> >FreeRADIUS reads the clients file once at startup, resolves the IP's and
>> >then stores those. It won't know about the new IP until the daemon is
>> >restarted (or in theory HUP'ed when that is fixed).
>>
>> >If you must use dynamic hosts, then you will need to specify an IP range
>> >like this:
>>
>> >client 192.168.0.0/24 {
>> > secret = testing123-1
>> > shortname = private-network-1
>> >}
>>
>> >That would allow a NAS to have any of 254 different IP's and still be
>> >able to talk to FreeRADIUS. It would also allow anyone else on those
>> >IP's who wants to talk to you NAS and can figure out the secret to
>> >potentially do naughty things.
>
>
> Thanks Dennis, i understand what you say but i thought that there is a
>way to use dynamic Dns because not all people have static IP , here in
>Israel at least.
>I understand that using a range of Ip is not secure , isn't it ?
>
>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
