I just hit a really odd problem with a secrets.
We were asked to use FreeRadius to provide IP addresses to an Ericsonn
NAS. We set up the server and have some test clients with simple secrets.
If those are right it works, if they are wrong it fails.
Then we put in the secret for the Ericsonn (I
the signature.
The Message-Authenticator attribute can be used to sign the
Access-Request packet which will cause the server to reject a packet
with the an incorrect MA signature.
David Goodenough wrote:
I just hit a really odd problem with a secrets.
We were asked to use FreeRadius to provide IP
Even though the secret is incorrect the authentication can be
correct. The server returns an Access-Accept. Why? The server trusts the
client (it's in the accepted NAS list) and performs the authentication.
I might have missed something here, sorry in advance ;-)
Since the secret is
can be used to sign the
Access-Request packet which will cause the server to reject a packet
with the an incorrect MA signature.
David Goodenough wrote:
I just hit a really odd problem with a secrets.
We were asked to use FreeRadius to provide IP addresses to an Ericsonn
NAS. We set up
Most authentication methods don't use the secret as part of the password
encoding and use independent information for encoding.
PAP is the only authentication method that depends on the secret.
For example CHAP uses the password, two random numbers and MD5 to encode
the password.
Thibault
Most authentication methods don't use the secret as part of
the password
encoding and use independent information for encoding.
PAP is the only authentication method that depends on the secret.
For example CHAP uses the password, two random numbers and
MD5 to encode
the password.
6 matches
Mail list logo