update docs and debug message for wildcard clients

diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 8650c1708368f17dbc760ffcaa6769d2f14bbf51..1bf4b8efcf1547839d114564dddd6c16903c4cc2 100644 (file)
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -755,6 +755,11 @@ security {
        #    the to "yes" manually, in order to make a permanent
        #    change to the configuration.
        #
+       #    The "auto" flag will have no effect for a client which
+       #    uses a network IP/mask definition.  If you need to
+       #    control this flag on a per-IP basis, then each "client"
+       #    definition must have only one IP address listed.
+       #
        #    WARNING: If there are multiple NASes with the same source
        #    IP and client definitions, BUT the NASes have different
        #    behavior, then this flag WILL LIKELY BREAK YOUR NETWORK.

diff --git a/src/main/listen.c b/src/main/listen.c
index 68da367dc1c164e509f6421b8f47b79b097cf5d0..6d578999ab15ed4be1a1c47e757f12bc15d37161 100644 (file)
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -575,6 +575,8 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
                        /*
                         *      Don't change it from "auto" for wildcard clients.
                         */
+                       DEBUG("BlastRADIUS check: Received packet with Message-Authenticator.");
+                       DEBUG("NOT changing \"require_message_authenticator\" flag for client %s with IP/mask", client->shortname);
                        return;
 
                } else {