From: Alan T. DeKok <aland@freeradius.org>
Date: Mon, 7 Jul 2025 15:20:37 +0000 (-0400)
Subject: update docs and debug message for wildcard clients
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=4781bbbd48caa8dc565c4135115bc770e82887c4;p=thirdparty%2Ffreeradius-server.git

update docs and debug message for wildcard clients
---

diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 8650c17083..1bf4b8efcf 100644
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -755,6 +755,11 @@ security {
 	#    the to "yes" manually, in order to make a permanent
 	#    change to the configuration.
 	#
+	#    The "auto" flag will have no effect for a client which
+	#    uses a network IP/mask definition.  If you need to
+	#    control this flag on a per-IP basis, then each "client"
+	#    definition must have only one IP address listed.
+	#
 	#    WARNING: If there are multiple NASes with the same source
 	#    IP and client definitions, BUT the NASes have different
 	#    behavior, then this flag WILL LIKELY BREAK YOUR NETWORK.
diff --git a/src/main/listen.c b/src/main/listen.c
index 68da367dc1..6d578999ab 100644
--- a/src/main/listen.c
+++ b/src/main/listen.c
@@ -575,6 +575,8 @@ static void blastradius_checks(RADIUS_PACKET *packet, RADCLIENT *client)
 			/*
 			 *	Don't change it from "auto" for wildcard clients.
 			 */
+			DEBUG("BlastRADIUS check: Received packet with Message-Authenticator.");
+			DEBUG("NOT changing \"require_message_authenticator\" flag for client %s with IP/mask", client->shortname);
 			return;
 
 		} else {