Re: (ASCEND) Radius: stop users from dialin two times (fwd)

[MegaZone <megazone@megazone.org>]

Once upon a time Mitchell Arnone shaped the electrons to say...
>For a RADIUS server, we use the Shiva Access Manager.  So long as the NAS 

If it relies solely on RADIUS then it is flawed, no matter what NAS is 
used.  RADIUS has fundamental limitations at the protocol level and it is
impossible to make a 100% reliable service for preventing simultaneous logins
without an external 'check' protocol such as SNMP, finger, etc.

>fully supports all RADIUS attributes, we are able to limit users to a 
>single login as well as restrict login to specific times of day for 
>specific users and so on.  We use the MAX TNT and two other products 
>(legacy LANA boxes by Diigi and Bay Networks 5399 terminal servers).  The 

I know that all of those things are possible on the RAC5399/RAC8000 from
Nortel (Bay) - I've seen it done and helped configure servers to do so.

Time of day restrictions are server dependent and should not require anything
special are all from the NAS.  

Simultaneous use restrictions only need noram Auth-Req and Acct-Req packets
from the NAS, and intelligence on the server.

I haven't dealt with the Digi products, but I know that you can do what
you are asking on Lucent, Cisco, Nortel (Bay), Ascend, 3Com, Computone,
Cyclades, and even PortSlave on a host.  Those are the products I've either
done it on myself or talked with those doing it.

-MZ
-- 
-=*X I'm going down...  under that is! <URL:http://www.aussie-isp.net/> X*=-
<URL:mailto:megazone@megazone.org> Gweep, Discordian, Author, Engineer, me..
Join ISP/C Internet Service Providers' Consortium <URL:http://www.ispc.org/>
"A little nonsense now and then, is relished by the wisest men" 781-788-0130
<URL:http://www.megazone.org/>  <URL:http://www.gweep.net/>  Hail Discordia!
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>