[RADIATOR] Problems with Secret and SQLClientList
Heikki Vatiainen
hvn at open.com.au
Tue Sep 2 09:40:01 CDT 2014
On 09/02/2014 04:59 PM, Herrmann, Daniel wrote:
>> For verifying the request you should configure your RADIUS clients to send
>> Message-Authenticator attribute. In addition, you can configure Radiator
>> with RequireMessageAuthenticator Client flag to require the clients to use
>> this attribute.
>
> AFAIK most switching devices (including Cisco, commonly used here) does not support the message-authenticator attribute. However the solution above works now, thanks again!
Good to hear it works. Fortunately you could turn on User-Password based
checks.
Otherwise the Message-Authenticator would have been the only way to make
sure the client and server secrets match.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list