Hi, > If some machine is in the same subnet as the radiusd and the AP, > how do I prevent it from sniffing the secret for authentication > to the server?
because you cant sniff the secret? the secret is stored on the AP and the RADIUS server - the RFC will tell you how it is used. you might be able to sniff the RADIUS traffic if the network has hubs rather than switches or you do MAC floods etc to get the traffic to your interface (on a proper network your machine wont see unicast traffic for another host if you are on the same subnet....) alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
