Ascend Archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Another (ASCEND) RADIUS problem !



On May 5, 10:28am, Timothy J. Hoffmann wrote:
> Subject: Re: (ASCEND) RADIUS problem !

[ ... ]

>  CHAP validation does not work with Unix passwords.  The two clients may
> behave differently when negotiating with the end-user PC.  E.G. Win95 to
> Max always uses CHAP, but Win95 to a Telebit does not.

You're right, this was my problem. I didn't know that the Ascend supports
MS-CHAP, not only MD5-CHAP.

But, I got two other problems:

First, when I disable CHAP for the Ascend, authentication works for all dialin
users, but not longer for WAN connections setup through the "Connections" area.
This is because many of the remote routers are configured with MD5-CHAP and
only support MD5-CHAP. Isit possible to allow CHAP for all "connections" from
the ascend setup, but not for the users from the radius database ??

The second problem is that users that authenticate with the following DEFAULT
entry cannot reach anything in the network, not even the MAX itself, through
the IP protocol ...

the new entry for the merit radiusd
(does not work really. User gets IP, but cannot send or receive any packets):

DEFAULT Authentication-Type = Unix-PW
        Service-Type = Framed,
        Framed-Protocol = PPP,
        Framed-Routing = None

and one old entry from the livingstone (works):

username  Password = "xxxx"
    User-Service = Framed-User,
    Framed-Protocol = PPP,
    Framed-Routing = None,
    Ascend-Assign-IP-Pool =1,
    Ascend-Idle-Limit = 600,
    Framed-Route = "193.158.64.1 0.0.0.0 1 "

I don't want to use any "Ascend-*" or Route= "" statements in my radius
database, because it should become a generic solution for several Ascend, Linux
and other routers. Every dialup user simply should be able to use all routes
which are defined in the MAX and get one IP address from my one and only IP
pool.

thanx, Alex

-- 

 ======================================================= 
 | Alexander Strauss      Phone: +49 8161-3010     --- |
 | Voettinger Str. 32     Fax:   +49 8161-44194     -- |
 | D-85354 Freising       Email: strauss@astracom.net  |
 | Germany                CIS:   73064,3216     ------ |
 ======================================================= 
  A S T R A C O M   N E T W O R K   C O N S U L T I N G  

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.shore.net/~dreaming/ascend-faq>
or		<ftp://ftp.shore.net/members/dreaming/ascend-faq.txt>