Hello Phil
I guess we don't need a per NAS secret but thought it might help block any
customers we don't need.
We have a load of wifi hotspots on dynamic ips. We know all their nas ids, but
not their ip addresses. That's the main reason for it. I guess the other way
would be to use hunt groups or a network id to allow / disallow clients instead
of worrying about the nas?
J
On 24 Oct 2011, at 20:42, Phil Mayers [via FreeRadius] wrote:
> On 10/24/2011 08:06 PM, Jennyanydots Napoleon Shoehorn wrote:
>
> > The ultimate intention was to use the mac address of the nas and a nas
> > specific shared secret.
>
> Do you really need a per-NAS secret?
>
> >
> > In your opinion, are there better ways to deal with dynamic clients?
>
> "It depends". Can you describe your setup in any detail?
>
> If you've got untrusted clients on IP addresses you don't control and
> can't know ahead of time, then it's really hard. The best solution is
> "don't do that".
>
> If your NAS and network topology support it, things like VPN tunnels
> from NAS->radius server with IP assignment might be one option.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
> If you reply to this email, your message will be added to the discussion
> below:
> http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933898.html
> To unsubscribe from Authorising Clients by Calling Station ID Not IP, click
> here.
--
View this message in context:
http://freeradius.1045715.n5.nabble.com/Authorising-Clients-by-Calling-Station-ID-Not-IP-tp4883866p4933910.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html