If you make a very secure and long shared secret and plan to change it from time to time you should get away with it.
Ivan Kalik Kalik Informatika ISP Dana 30/5/2007, "Mati Katz" <[EMAIL PROTECTED]> piše: >> >> >> >> >The simple answer is don't use dynamic hosts. >> >> >FreeRADIUS reads the clients file once at startup, resolves the IP's and >> >then stores those. It won't know about the new IP until the daemon is >> >restarted (or in theory HUP'ed when that is fixed). >> >> >If you must use dynamic hosts, then you will need to specify an IP range >> >like this: >> >> >client 192.168.0.0/24 { >> > secret = testing123-1 >> > shortname = private-network-1 >> >} >> >> >That would allow a NAS to have any of 254 different IP's and still be >> >able to talk to FreeRADIUS. It would also allow anyone else on those >> >IP's who wants to talk to you NAS and can figure out the secret to >> >potentially do naughty things. > > > Thanks Dennis, i understand what you say but i thought that there is a >way to use dynamic Dns because not all people have static IP , here in >Israel at least. >I understand that using a range of Ip is not secure , isn't it ? > > - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html