RE: (ASCEND) Radius Oddity

To: <cfb@nirai.ne.jp>, <ascend-users@bungi.com>
Subject: RE: (ASCEND) Radius Oddity
From: "Troy Settle" <st@i-Plus.net>
Date: Tue, 20 Jul 1999 08:48:50 -0400
Importance: Normal
In-Reply-To: <37945DD5.767D0911@nirai.ne.jp>
Sender: owner-ascend-users@max.bungi.com


We put up with the same thing for a long time.  Recently, we found that
this behavior was causing problems with radius accounting ('joe blow' !=
'joe ' != 'joe').  I looked at the code for ascend's radiusd, and after
seeing how sloppy it is, I checked out cistron radiusd.  It built and
installed without problem, and works great, requiring an exact match
before authentication can take place (It also supports realms and proxy
:).

I'm still using a hacked version of ascend's radiusd for accounting, as I
haven't yet had time to clean up cistron's mysql patch to keep more in
line with ascend's accounting output.  When/if I get this done, I'll be
sure to post a URL.

(Of course, it goes without saying that this all would be much easier if
Ascend would have stuck with the radius specification, and paid specific
attention to details relating to security issues)

--
  Troy Settle
  iPlus Internet Services

It's always a long day... 86400 doesn't fit into a short.

> -----Original Message-----
> From: owner-ascend-users@max.bungi.com
> [mailto:owner-ascend-users@max.bungi.com]On Behalf Of cfb
> Sent: Tuesday, July 20, 1999 7:30 AM
> To: ascend-users@bungi.com
> Subject: (ASCEND) Radius Oddity
>
>
> I noticed something a little odd the other day:
>
> Max# show users
> [...]
> I 288324297 1:6   9:3   64K   64K   PPP     129.168.192.168 joe blow
>
> joe     Password = "bigsecret"
>         User-Service = Framed-User,
>         Framed-Protocol = MPP,
>         Ascend-Assign-IP-Pool = 1,
>         Ascend-Idle-Limit = 900
>
> There isn't a user "joe blow" in the RADIUS users file or in the Max's
> nvram connection profiles.  There is an entry of "joe" and that
> particular account's full name is indeed joe blow.  I suspect that Joe
> Blow typed what he thought his user name was into either his dial-up
> networking or the windows login (maybe both).  Anyway,
> equipment/software mix is a Max4k running 6.1.24 running Ascend Radius
> on a Linux.  I don't know that the software mix is on the users end, but
> it shouldn't matter; RADIUS should be more water tight than that...
>
> Comments?
> ++ Ascend Users Mailing List ++
> To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
> To get FAQ'd:	<http://www.nealis.net/ascend/faq>
>


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- (ASCEND) Radius Oddity
  - From: cfb <cfb@nirai.ne.jp>

Prev by Date: (ASCEND) Radius Oddity
Next by Date: Re: (ASCEND) Radius Oddity
Prev by thread: (ASCEND) Radius Oddity
Next by thread: Re: (ASCEND) Radius Oddity
Index(es):
- Date
- Thread