On 09/01/2014 03:12 PM, Herrmann, Daniel wrote: > However, the secret does not work. When testing the authentification > with NTRadPing, Radiator answers to my (known) client, nevertheless > which secret I use. If I use “cisco”, I get an answer, if I use > “7jnasdfjksa” I also get the answer. What can cause Radiator not to > check the secret sent among the request?
Hello Daniel, the response from Radiator should always be Access-Reject and NTRadPing should complain about bad response authenticator or something similar. The Authenticator field in the request is used to encrypt the User-Password but it is not used to verify the request itself. For verifying the request you should configure your RADIUS clients to send Message-Authenticator attribute. In addition, you can configure Radiator with RequireMessageAuthenticator Client flag to require the clients to use this attribute. Thanks, Heikki -- Heikki Vatiainen <[email protected]> Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
