Real Time Ascend Maling List Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(ASCEND) Using ID Auth to use PAP/CHAP first then CLID?
I have been using CLID for some time now with great success with our
Radius Servers. However, I have come across a situation that I cannot
seem to figure out if there is any way to make the MAXen re-order the
radius accounting packets.
Here is what I see happening today :
1) call comes into the MAX
2) with ID Auth set to Prefer or First (for 6.1.24 and later)
the CALLID value is used as the username and passed in a
radius packet to the Radius server
3) the username=CALLID is checked in the local profiles
4) if a match is made, then an ACK is sent back to the NAS
and the call is accepted
5) if no match is made to the CALLID, then a NAK is sent to
the NAS and the call is rejected
6) if a NAK is received by the NAS for CALLID authentication, then
PAP/CHAP authentication is attempted with the Radius Server
7) if a match is made, then an ACK is sent back to the NAS and
the call is allowed to connect
8) if no match is made, then a NAK is sent back to the NAS and
the call is rejected
This all works great, except for one problem. What if a user calls in
with the appropriate CALLID, but wants to authenticate with username and
login? This is requested by some of our users for accounting reasons so
that allocation of usage is done correctly. So, the way I see it
happening is to get the MAXen to reverse the order from CALLID then PAP to
PAP then CALLID.
Thanks for any assistance you might have,
Neil :-)
--------------------------------------------------------------------------
Neil Movold Phone: (441) 296-9628
Director of Technology Fax: (441) 295-1149
Logic Communications Ltd. E-Mail: neil@logic.bm
P.O. Box HM 2445 WWW: http://www.logic.bm
Hamilton, Bermuda, HM JX WWW: http://www.ibl.bm
++ Ascend Users Mailing List ++
To unsubscribe: send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd: <http://www.nealis.net/ascend/faq>