[RADIATOR] Problems with Secret and SQLClientList
Heikki Vatiainen
hvn at open.com.au
Tue Sep 2 08:33:33 CDT 2014
On 09/01/2014 03:12 PM, Herrmann, Daniel wrote:
> However, the secret does not work. When testing the authentification
> with NTRadPing, Radiator answers to my (known) client, nevertheless
> which secret I use. If I use “cisco”, I get an answer, if I use
> “7jnasdfjksa” I also get the answer. What can cause Radiator not to
> check the secret sent among the request?
Hello Daniel,
the response from Radiator should always be Access-Reject and NTRadPing
should complain about bad response authenticator or something similar.
The Authenticator field in the request is used to encrypt the
User-Password but it is not used to verify the request itself.
For verifying the request you should configure your RADIUS clients to
send Message-Authenticator attribute. In addition, you can configure
Radiator with RequireMessageAuthenticator Client flag to require the
clients to use this attribute.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
More information about the radiator
mailing list