Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: (ASCEND) Hybrid Access? (fwd)




> Once upon a time Vesa Halkka shaped the electrons to say...
> >can it also provide both terminal server  and 'automatic' PPP with
> >one profile ? (like Ascend MAX). 
> 
> We have it so you can have two profiles - but ONE username/password.
> Same end result, different philosophy to get there.  We don't like the
> Ascend system of leaving Service-Type off.  We prefer keeping profiles
> seperate depending on the type.
> 
> For example:
> 
> DEFAULT1	Auth-Type = System, Framed-Protocol = PPP
> 		rest of PPP entry
> 
> DEFAULT2	Auth-Type = System
> 		rest of login entry
> 
> Now, if the user uses PAP or CHAP (or if they say 'PPP' on a PM configured
> to give a Host: prompt first) the NAS sends a 'hint'.  We use the hint as
> a check item to differentiate login types.

Is this hint documented someplace, we could add it to our 'own' version
of radius. I believe The License says we cannot use Livingston radius
with other boxes. We have Ascend, Cisco, Livingston and Shiva boxes ;-)

> 
> So 'bob' uses PAP/CHAP and he gets PPP, he logs in manually at the prompts
> and gets shell.
> 
> This is our RADIUS 2.0/2.01 server - it also allow user defined Prefix/Suffix
> for things like Puser, user.ppp, user%slip, etc - you define what you want.
> Some sites have patches to older RADIUS versions or other vendors and this
> allows them to switch transparently.
> 
> There are other check items that you can key off of too, of course,  So
> one user name can have a variety of different profiles, depending on what
> they are doing.

Our radius can already be keyed to choose the autenthicating host. It can
recognise user@host as unix account and .string.string.string.. as
netware NDS account. NT support is probably coming.

We have 20000-30000 users, and we don't want to maintain anything
special for them, but multiple default profiles would be OK.

An other thing:

have you any idea when we could get a PM3 sw version that gives the 
caller id in the *authentication* packet. It comes only in the accounting
packet. Our radius doesn't allow anonymous calls, and we have had to
make an exception rule for the PM3s.

--
Vesa Halkka                       -O___/ 
University of Helsinki CC:         (  /   	 vesa.halkka@helsinki.fi 
                                   ~~~~~  	 





++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>