(ASCEND) How to reject multiple logins from RADIUS?

To: ascend-users@bungi.com
Subject: (ASCEND) How to reject multiple logins from RADIUS?
From: Phillip Vandry <vandry@mlink.net>
Date: Sat, 17 Oct 1998 15:28:39 -0400 (EDT)
Cc: pascal@mlink.net
Sender: owner-ascend-users@max.bungi.com

As we know, the Shared Prof parameter can be used to tell a Max to
reject a new session if there's already one with the same username.

But that only works within a Max.

I can't figure out how a RADIUS server might to the same thing (so that
it can work across multiple NASes). I looked at the contents of an
Authentication request packet coming from a Max, and it contains the
following attributes:

User-Name, Password, NAS-Port, NAS-Port-Type, User-Service,
Framed-Protocol, Acct-Session-Id, State, Client-Port-DNIS,
NAS-Identifier, Caller-Id.

That isn't enough information for the RADIUS server to decide
whether to reject the call, since it may refer to a new extra
channel on a Multilink session (should always allow this), or
it may instead refer to a new session (should only allow this if
there is no other session).

The information is present in the accounting request packet that
comes later (in the form of a Ascend-Num-In-Multilink sttribute)
but by the it's too late to reject the call if it turned out to
be a new session.

I know there are RADIUS servers that do this, so I cannot help but
assume that they reject multilink calls as well duplicate sessions!
(Or what am I missing?)

-Phil
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) How to reject multiple logins from RADIUS?
Next by Date: (ASCEND) P75 6.1.5 ??
Prev by thread: Re: (ASCEND) P75 6.1.5 ??
Next by thread: Re: (ASCEND) How to reject multiple logins from RADIUS?
Index(es):
- Main
- Thread