Bug fixes
* Dynamic clients now inherit require_message_authenticator
- and limit_proxy_state from the "security" section.
+ and limit_proxy_state from dynamic client {...} definition.
* Fix radsecret build rules to better support parallel builds.
FreeRADIUS 3.2.5 Tue 09 Jul 2024 12:00:00 UTC urgency=high
# be used.
# directory = ${confdir}/dynamic-clients/
+ #
+ # If these two flags are not set here, Then their values will
+ # be taken from the corresponding flags in the main
+ # security{...} section.
+ #
+ # The resulting values will be used as the defaults for any
+ # dynamic client which is being defined. The
+ # "FreeRADIUS-Client-Require-MA" attribute (see below) can be
+ # used to further over-ride this flag.
+ #
+ # Note that it is NOT possible to set
+ #
+ # &FreeRADIUS-Client-Require-MA = auto
+ #
+ # The value MUST be either "yes" or "no".
+ #
+ # Note that is is NOT possible to change the value of
+ # "limit_proxy_state" dynamically via an attribute.
+ #
+ #
+# require_message_authenticator = yes
+# limit_proxy_state = yes
+
+
#
# Define the lifetime (in seconds) for dynamic clients.
# They will be cached for this lifetime, and deleted afterwards.
&FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}"
# require_message_authenticator
- &FreeRADIUS-Client-Require-MA = no
+# &FreeRADIUS-Client-Require-MA = no
# secret
&FreeRADIUS-Client-Secret = "testing123"
c->ipaddr.af = AF_UNSPEC;
c->src_ipaddr.af = AF_UNSPEC;
- c->require_ma = main_config.require_ma;
- c->limit_proxy_state = main_config.limit_proxy_state;
+ /*
+ * Set these defaults from the main 0/0 client. This
+ * allows it to either inherit the global configuration,
+ * OR to have the client{...} setting override it.
+ */
+ c->require_ma = request->client->require_ma;
+ c->limit_proxy_state = request->client->limit_proxy_state;
fr_cursor_init(&cursor, &request->config);
projects / thirdparty / freeradius-server.git / commitdiff
