Hi there,
With the latest updates to our network, I noticed issues with RADIUS and our main gateway.
It shows “No Message-Authenticator attribute”.
Looking into this I found on FreeRADIUS security the BlastRADIUS notice.
The solution seems to be to add two lines in the radiusd.conf:
security {
...
require_message_authenticator = auto
limit_proxy_state = auto
}
or per client configuration:
authorize {
if (!EAP-Message) {
update reply {
Message-Authenticator := 0x00
}
}
My question is if anyone has tried that (and if it is working) or if Univention are planning to add this as a default in UCS (those are not set in 5.0-10 and we are looking at migrating to 5.2 in the next few weeks)
Cheers