Ascend Archive

(ASCEND) Re: Got the RADIUS disconnect working



[For the Ascend users mailing list as well]

Has anyone else encountered this problem with the internal Radius
server on a MAX 4000 running 5.0Ap4?

> I've got radius_disconnect_user() function within pwdradius
> working finally - I don't actually call build_auth_req anymore
> but do pretty much the same thing.
> 
> It's now possible to have rad point at an ascend and kick a user
> off which I think is fairly useful.  One problem I've noticed though
> is that when rad sends off the UDP request it sources it from some
> randomish high numbered client port as I'd expect. Unfortunately,
> the MAX chooses to reply to the generic radius/1645 (or whatever
> you've configured) server port - so of course rad doesn't see this.
> (I've fiddled with the MAX and confirmed with tcpdump what is
> happening).
> 
> This seems extremely broken to me. It effectively means I couldn't
> have multiple rads doing the same thing on one box or even have rad
> disconnect from one of the radiusd hosts. Duh!
> 
> Is there any good reason you can think of for why the MAX does this, or
> is it really broken?

It sounds badly broken to me.
 
> The actual disconnect operation works - it's just that rad never
> sees the response saying whether it worked or not.

You could do the following:

Configure the Max Radius server to some other port than 1645.
Alter the disconnect function in rad to bind to that port number,
rather than choosing an arbitrary one. If the bind fails, wait a bit
and try again, possibly warning the user. Once you get the port bound,
send your request but don't close the socket. Wait until you've got
your response (or time out), then close the socket which will allow
other users to bind to that port. It's not ideal, but would allow
multiple users to access this function.

-- 
Jim Segrave           jes@demon.net
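
The workaround suggested above, sketched in C as an added example; it is not part of the original message and not code from rad or pwdradius. The names `bind_reply_port` and `exchange` and their parameters are hypothetical, and the request is treated as opaque bytes built elsewhere.

```c
/* Added example: fixed-port bind with retry, then send and wait for the reply. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a UDP socket to the port the MAX replies to, retrying while another
 * process holds it. Returns the socket, or -1 after `tries` attempts. */
int bind_reply_port(unsigned short port, int tries, unsigned delay_ms)
{
    struct sockaddr_in me;
    memset(&me, 0, sizeof me);
    me.sin_family = AF_INET;
    me.sin_addr.s_addr = htonl(INADDR_ANY);
    me.sin_port = htons(port);
    while (tries-- > 0) {
        struct timeval nap = { delay_ms / 1000, (delay_ms % 1000) * 1000 };
        int fd = socket(AF_INET, SOCK_DGRAM, 0);
        if (fd < 0)
            return -1;
        if (bind(fd, (struct sockaddr *)&me, sizeof me) == 0)
            return fd;                       /* we now own the reply port */
        close(fd);                           /* port busy: another user has it */
        if (tries > 0)
            select(0, NULL, NULL, NULL, &nap);   /* wait a bit, then retry */
    }
    return -1;
}

/* Send `req` from the bound socket and keep the socket open until a reply
 * arrives or `timeout_ms` passes. The socket is closed either way so the next
 * user can bind. Returns the reply length, or -1 on send error or timeout. */
long exchange(int fd, const struct sockaddr_in *nas, const void *req, size_t len,
              void *reply, size_t cap, int timeout_ms)
{
    long n = -1;
    fd_set rd;
    struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
    FD_ZERO(&rd);
    FD_SET(fd, &rd);
    if (sendto(fd, req, len, 0, (const struct sockaddr *)nas, sizeof *nas) == (ssize_t)len
        && select(fd + 1, &rd, NULL, NULL, &tv) > 0)
        n = (long)recv(fd, reply, cap, 0);
    close(fd);
    return n;
}
```

Because the socket is bound to the reply port before sending, the request's source port and the port the MAX answers to are the same, so the reply is seen whichever of the two the MAX uses.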

