Ascend Archive
Re: (ASCEND) AAC and NAS-IP-Address
Hi Dean,
>
> 1. You need to be running a recent load to support Filter-Id like this.
>
I'm running the latest 6.1.x load, which is 6.1.7. I also knew that
Ascend boxes did not properly support Filter-Id until recent
versions such as 6.0.10 or 6.1.7.
> 2. Put your internet users in the standard "/etc/raddb/users" file. This
> will allow them to logon without a realm. You do not need a NULL realm.
1/
That's true, it allows them to log on without a REALM. BUT doing so
requires inserting a NULL attribute in the authfile anyway, because I
need to use realms to proxy to other RADIUS servers (not mentioned on
my sketch).
2/
My authentication base is common whether users gain access from the
MAX or from FW-1. So, I need to make sure that a user gets the right
PPP attributes (such as Filter-Id, DNS, ...) when he gets
authenticated from the MAX and no special attributes when he gets
authenticated from the FW.
For instance, an authentication from the MAX must be done with a
realm. Any authentication from the MAX without realm will be
discarded. Vice-versa from FW-1.
I hope it is a bit clearer...
Regards,
Herve.
>
>
> Regards,
>
> dean
>
>
>
> At 12:43 PM 10/20/98 +0100, Herve BRUNET wrote:
> >>Hi everybody,
> >>
> >>I'm using AAC (version 11), a MAX4030 (version 6.1.7, load Febk.m40)
> >>and FW-1. The network architecture is as follows :
> >> ------- ------
> >> | MAX |-------------| FW |---------------------
> >> ------- | ------- |
> >> AAC NT4.0 PDC
> >> NT Stand-alone
> >>
> >> Both my MAX and FW-1 authenticate their users against AAC.
> >>
> >>AAC proxies all authentication requests to a NT4.0 Primary Domain
> >>Controller. The FW has got the right ports opened.
> >> Users who are getting connected on the MAX have to use a
> >>REALM such as:
> >> bob@campus
> >>
> >>Bob is registered into NT's SAM.
> >>
> >>When authentication requests come from FW-1, AAC also proxies
> >>requests to NT4.0.
> >>Users gain access without REALM (because of a bug in Internet
> >>Explorer 4.0).
> >>
> >>
> >>I need to make sure that users get connected from the FW-1
> >>without REALM and with REALM from the MAX. I would like to apply
> >>different filters onto these profiles. Consequently, the distinction
> >>is mandatory.
> >>
> >>Files description
> >>--------------------
> >>
> >>Clients :
> >>MAX radius type=ASCEND:NAS
> >>fw-1 radius type=ASCEND:NAS
> >>
> >>
> >>Authfile
> >>----------
> >>
> >>NULL FILE internet
> >>campus FILE campus
> >>
> >>campus.users
> >>-----------------
> >>
> >>DEFAULT Authentication-Type = WinNT
> >> Service-Type = Framed,
> >> Framed-Protocol = PPP,
> >> Framed-Routing = None,
> >> Ascend-Assign-IP-Pool = 1,
> >> Ascend-Idle-Limit = 300,
> >> Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> >> Ascend-Client-Primary-DNS = 172.26.2.5,
> >> Filter-Id = "101"
> >>
> >>
> >>internet.users
> >>----------------
> >>
> >>DEFAULT NAS-IP-Address= FW-IP-Addr, Authentication-Type = WinNT
> >> Service-Type = Framed,
> >> Framed-Protocol = PPP,
> >> Framed-Routing = None
> >>
> >>
> >>In order to enable this ability, I've implemented the attribute :
> >> NAS-IP-Address
> >>
> >>Thanks in advance,
> >>
> ===============================================================
> Dean Frye. Escalation and Regional Support
> ________
> Ascend Asia Pacific | /\ | http://apac.ascend.com/
> Level 38/55 Collins | /__\ | em: dfrye@ascend.com.au
> Melbourne, Victoria | // \\ | Voice: +61.3.96567000
> Australia 3000 |/ \__/ \| Mobile: +61.418546635
> ASCEND
> ===============================================================
>
---
Herve Brunet Pre-Sales Engineer
Tel : 01 30 48 83 84 DYNETCOM
Fax : 01 30 48 83 40 Bat GAIA, 9 parc Ariane
78284 Guyancourt cedex
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>
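
The policy discussed in this thread (realm required from the MAX, no realm from FW-1, PPP reply attributes only for the MAX), written out as an added example. It is not from the thread and is not AAC configuration syntax: the function names and the two NAS addresses are constructed, and it assumes each NAS sends from the address it reports in NAS-IP-Address.

```python
# Constructed NAS addresses (documentation range); the thread does not give the real ones.
MAX_IP = "192.0.2.10"
FW1_IP = "192.0.2.20"

# Reply attributes for dial-in users, copied from the campus.users DEFAULT entry above.
CAMPUS_REPLY = {
    "Service-Type": "Framed", "Framed-Protocol": "PPP", "Framed-Routing": "None",
    "Ascend-Assign-IP-Pool": 1, "Ascend-Idle-Limit": 300,
    "Ascend-Client-Assign-DNS": "DNS-Assign-Yes",
    "Ascend-Client-Primary-DNS": "172.26.2.5", "Filter-Id": "101",
}

# (NAS address, realm or None for the NULL realm) -> reply attributes.
# Any pair not listed is rejected, so the MAX cannot use the NULL realm
# and FW-1 cannot use "campus".
POLICY = {(MAX_IP, "campus"): CAMPUS_REPLY, (FW1_IP, None): {}}


def split_realm(user_name):
    """Split 'bob@campus' into ('bob', 'campus'); no '@' means the NULL realm."""
    user, sep, realm = user_name.rpartition("@")
    if not sep:
        return user_name, None
    return user, realm.lower()  # realm may be "" for 'bob@', which matches no policy


def authorize(src_ip, attrs):
    """Decide on a decoded Access-Request; returns (decision, reply_attrs).

    'proxy' means the realm/NAS pair is allowed and the password check is
    still to be done by the NT domain controller, as in the thread.
    """
    nas_ip = attrs.get("NAS-IP-Address")
    # NAS-IP-Address is filled in by the sender. Assumption: only trust it when
    # it equals the packet's source address, which is what selects the client
    # entry and shared secret on the server.
    if nas_ip is None or nas_ip != src_ip:
        return "reject", {}
    user, realm = split_realm(attrs.get("User-Name", ""))
    reply = POLICY.get((nas_ip, realm))
    if not user or reply is None:
        return "reject", {}
    return "proxy", dict(reply)


if __name__ == "__main__":
    # Constructed requests: the same user arriving through each device.
    for src, name in [(MAX_IP, "bob@campus"), (MAX_IP, "bob"), (FW1_IP, "bob")]:
        print(src, name, authorize(src, {"User-Name": name, "NAS-IP-Address": src}))
```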