Re: Subnets in clients file
Kristina Pfaff-Harris <[EMAIL PROTECTED]> wrote: > > You can do that, but I wouldn't recommend it. > > Why not? (Other than worry about one device being cracked compromising the > others.) I've set up clients as network blocks before with no problems. Is > it just the security issues that you're worried about with that? Yes. A secret shared by hundreds of network devices isn't very secret. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RE: Subnets in clients file
I would recommend just writing a shell script to generate the clients file. --Robert R. George -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Pavane Sent: Friday, April 04, 2003 10:50 AM To: [EMAIL PROTECTED] Subject: Subnets in clients file I am currently looking into using Free Radius for my user authentication on my networking equipment that can not support TACACS. As such, I am going to have 100's of devices that will be authenticating off of the Radius server. Will I need to list each device's IP individually in my 'clients' file, or will I simply be able to put a network block, and the key for that entire block? Of course it's a lot easier to list 5 or 6 netblocks than to list a few hundred IP's, if everything has the same key. Thanks. -Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Subnets in clients file
On Fri, 4 Apr 2003, Alan DeKok wrote: > Brian Pavane <[EMAIL PROTECTED]> wrote: > > I am currently looking into using Free Radius for my user authentication > > on my networking equipment that can not support TACACS. As such, I am > > going to have 100's of devices that will be authenticating off of the > > Radius server. Will I need to list each device's IP individually in my > > 'clients' file, or will I simply be able to put a network block, and the > > key for that entire block? > > You can do that, but I wouldn't recommend it. Why not? (Other than worry about one device being cracked compromising the others.) I've set up clients as network blocks before with no problems. Is it just the security issues that you're worried about with that? K. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Subnets in clients file
Brian Pavane <[EMAIL PROTECTED]> wrote: > I am currently looking into using Free Radius for my user authentication > on my networking equipment that can not support TACACS. As such, I am > going to have 100's of devices that will be authenticating off of the > Radius server. Will I need to list each device's IP individually in my > 'clients' file, or will I simply be able to put a network block, and the > key for that entire block? You can do that, but I wouldn't recommend it. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Subnets in clients file
I am currently looking into using Free Radius for my user authentication on my networking equipment that can not support TACACS. As such, I am going to have 100's of devices that will be authenticating off of the Radius server. Will I need to list each device's IP individually in my 'clients' file, or will I simply be able to put a network block, and the key for that entire block? Of course it's a lot easier to list 5 or 6 netblocks than to list a few hundred IP's, if everything has the same key. Thanks. -Brian - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html