IEA Software, Inc.

IEA Software Knowledge Base - ID:59417

RadiusNT (KB ID: 59417)

Mar 7 2012

How can I set RadiusNT/X to accept RADIUS requests from any IP Address without first adding a RADIUS client for the address?

A global shared secret can be configured for any requesting client IP address that does not match a known RADIUS client. This requires manually editing the RadiusNT Windows registry settings or the RadiusX configuration file.

On Windows platforms, open the registry editor and browse to
HKEY_LOCAL_MACHINE\SOFTWARE\IEA\RadiusNT

On UNIX platforms, open the file /usr/local/radius/radiusd.ini using a text editor.

To configure the global shared secret, set or add the field 'GlobalSecret' with the global shared secret as its value. The secret should contain at least 16 randomly selected characters including letters, numbers and symbols.

Next, to enable RadiusNT to accept requests from unknown clients, set or add the field 'IPCheck' with a value of '0'.

These changes are effective after RadiusNT/X is restarted.

The use of this feature should be weighed carefully against the increased security risk to the RADIUS infrastructure.

If a global secret is used, the option '(Auth) Require digital signatures' in the RadiusNT/X Admin / Advanced menu can be enabled to prevent processing of authentication attempts from unauthorized clients that do not know the global shared secret. Use of this feature requires ALL RADIUS clients to send digital signatures with their Access-Request transactions.
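
The following is an added example, not IEA Software code. It generates a secret that meets the guidance above and shows why requiring signatures rejects clients that do not know the secret. It assumes the 'digital signatures' option corresponds to the standard RADIUS Message-Authenticator attribute (RFC 2869); the function names and the symbol set are hypothetical.

```python
import hashlib, hmac, os, secrets, string, struct

MSG_AUTH = 80  # Message-Authenticator attribute type (RFC 2869)

def new_secret(length=24):
    # Random secret of 16+ characters containing letters, digits and symbols.
    if length < 16:
        raise ValueError("use at least 16 characters")
    classes = [string.ascii_letters, string.digits, "!#$%*+-=?@^_"]
    while True:
        s = "".join(secrets.choice("".join(classes)) for _ in range(length))
        if all(any(c in cls for c in s) for cls in classes):
            return s

def build_access_request(secret, username, ident=1):
    # Constructed Access-Request (code 1) with User-Name and a signature.
    name = username.encode()
    attrs = bytes([1, 2 + len(name)]) + name
    attrs += bytes([MSG_AUTH, 18]) + bytes(16)  # zeroed placeholder
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    packet = bytearray(header + attrs)
    packet[-16:] = hmac.new(secret.encode(), packet, hashlib.md5).digest()
    return bytes(packet)

def signature_valid(secret, packet):
    # True only if a Message-Authenticator is present and matches the secret.
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    pos = 20
    while pos + 2 <= length:
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            return False  # malformed attribute
        if atype == MSG_AUTH:
            if alen != 18:
                return False
            zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:length]
            want = hmac.new(secret.encode(), zeroed, hashlib.md5).digest()
            return hmac.compare_digest(want, packet[pos + 2:pos + 18])
        pos += alen
    return False  # unsigned request: reject when signatures are required
```

An unsigned request, a request signed with a different secret, and a request altered after signing all fail `signature_valid`, which is the behaviour that lets the server discard traffic from unknown addresses that lack the global secret.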