If a packet is received that contains an incorrect shared secret,
should something be logged? Looking through the logs, it looks like
freeradius still tries to process the request, the password is
mangled, but no mention of incorrect shared secret as far as I get
tell.
-
List info/subscribe
James Devine wrote:
If a packet is received that contains an incorrect shared secret,
should something be logged?
No.
Looking through the logs, it looks like
freeradius still tries to process the request, the password is
mangled, but no mention of incorrect shared secret as far as I get
users mailing list
Subject: Re: incorrect shared secret entry authenticates successfully
forfreerradius
[EMAIL PROTECTED] wrote:
Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client to test: NTRadPing 1.5
Steps undertaken
] On Behalf Of Phil Mayers
Sent: Tuesday, March 18, 2008 7:24 PM
To: FreeRadius users mailing list
Subject: Re: incorrect shared secret entry authenticates successfully
forfreerradius
[EMAIL PROTECTED] wrote:
Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client
[EMAIL PROTECTED] wrote:
Do you mean the clients.conf file? I don't see
require_message_authenticator there. If it is some other file then
please let me know the details. I am a new user so not much aware of the
configuration files.
It's in 2.0.
Alan DeKok.
-
List
Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client to test: NTRadPing 1.5
Steps undertaken:
- Installed a fresh system with rhel4_u5_i386
- Build and compile freeradius 1.1.7 on it.
- Update the clients.conf file to add the client entries
[EMAIL PROTECTED] wrote:
Hi,
I am using the following configuration:
O/S: rhel4_u5_i386
Freeradius 1.1.7
Client to test: NTRadPing 1.5
Steps undertaken:
- Installed a fresh system with rhel4_u5_i386
- Build and compile freeradius 1.1.7 on it.
- Update the clients.conf
to catch the case of an incorrect shared secret.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Phil Mayers wrote:
If your NAS supply Message-Authenticator, you could refuse packets
without one:
Edit the client section and set require_message_authenticator = yes.
The recommendations of RFC 5080 have been implemented in FreeRADIUS.
Sometimes years before any other RADIUS server.
Alan DeKok wrote:
Phil Mayers wrote:
If your NAS supply Message-Authenticator, you could refuse packets
without one:
Edit the client section and set require_message_authenticator = yes.
Ah thanks - I didn't know about that
The recommendations of RFC 5080 have been implemented in
PROTECTED]
dius.org] On Behalf Of Phil Mayers
Sent: Tuesday, March 18, 2008 10:25 PM
To: FreeRadius users mailing list
Subject: Re: incorrect shared secret entry authenticates successfully
forfreerradius
Alan DeKok wrote:
Phil Mayers wrote:
If your NAS supply Message-Authenticator, you could refuse
Thank You Alan and Stefan for your replies.
So if I understand correctly in case of authentication methods like
CHAP the client does NOT SEND ANYTHING SIGNED with the shared secret
and as such the RADIUS server CANNOT verify whether the client has the
proper shared secret. In this case it is the
Sayantan Bhowmick [EMAIL PROTECTED] wrote:
So if I understand correctly in case of authentication methods like
CHAP the client does NOT SEND ANYTHING SIGNED with the shared secret
and as such the RADIUS server CANNOT verify whether the client has the
proper shared secret. In this case it is
Hi,
I am using FreeRADIUS version 1.0.2 and I am trying to authenticate
users using CHAP authentication. Everything works and authentication
goes through except that users are authenticated successfully( provided
userid and password id correct) irrespective of what is entered for the
shared
Sayantan Bhowmick wrote:
Hi,
I am using FreeRADIUS version 1.0.2 and I am trying to authenticate
users using CHAP authentication. Everything works and authentication
goes through except that users are authenticated successfully( provided
userid and password id correct) irrespective of what
Hi,
Sayantan Bhowmick schrieb:
I am trying to authenticate users using CHAP authentication.
(snipp)
users are authenticated successfully( provided userid and
password id correct) irrespective of what is entered for the
shared secret in the client. Is this a defect?
IIRC, yes, that
16 matches
Mail list logo