Dans son message (In his/her message), Tim Basher ecrivait (wrote) : > > It seems that the TNT is more "laxist" on the authentication process than > > the Max4000 : if the login and password match, then that's OK. > > This is also true for the MAX4000. I agree. > > The Max4000 seems to also check that the IP address of the remote site > > is corresponding to what is indicated in the Radius profile... > > The MAX4000 will only do this when you enable the function: > Ethernet->Answer->Assign Adrs=Yes > Ethernet->Mod Config->Pool only=Yes > Otherwise, it will accept the IP address requested by the remote system. This is also correct, and really usefull ;-) > > As this check is performed by the radius database, this might indicate that > > some parameters are not transmitted to the Radius by the TNT... > > Actually you are wrong - the check is *not* performed by the RADIUS server. I thought. This is usually a reason for a LAN Security error message in the Radius server log file... > There is a section of documentation for the TNT similar to that found for > the MAX - "Requiring that a caller accept an IP address from the MAX TNT". > > Briefly [look it up for the full text]: > > To specify that the MAX TNT try to assign an IP address to a calling > device, set Assign- Address=Yes in the IP-Answer subprofile of the > Answer-Defaults profile. > > The MAX TNT asks the device to accept an assigned address. The address > can be a static address or a dynamic address. > ... > To require a calling station to accept an IP address from the MAX TNT, > set Must-Accept-Address-Assign=Yes in the IP-Global profile. > OK, I mistook about Radius, but here is my TNT config : admin> list domain-name = oleane.net ... must-accept-address-assign = yes ... and admin> list ip-answer enabled = yes vj-header-prediction = yes assign-address = yes routing-metric = 1 Regarding what you have indicated below, the TNT should not accept a P50 to connect with an IP address which is not the one in the Radius profile, correct ? Anyone else sees this problem ? Regards, Paul Paul Rolland, rol@oleane.net OLEANE SA/Service Technique/Directeur Technique Adjoint OLEANE SA/Technical Service/Deputy Technical Manager -- Support technique et operationnel Oleane : support@oleane.net Test du mail : ping@oleane.net Please no MIME, I don't read it - Pas de MIME, je ne le lis pas Please no HTML, I'm not a navigator - Pas d'HTML, je ne suis pas un navigateur "We all want to change the world" - The Beatles - Revolution ++ Ascend Users Mailing List ++ To unsubscribe: send unsubscribe to ascend-users-request@bungi.com To get FAQ'd: <<A HREF="http://www.nealis.net/ascend/faq">http://www.nealis.net/ascend/faq</A>> </PRE> <!--X-MsgBody-End--> <!--X-Follow-Ups--> <HR> <STRONG>Follow-Ups</STRONG>: <UL> <LI><STRONG><A HREF="msg09370.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG></LI> <UL> <LI><EM>From</EM>: Tim Basher <basher@alpha.CES.CWRU.Edu></LI> </UL> </UL> <!--X-Follow-Ups-End--> <!--X-References--> <STRONG>References</STRONG>: <UL> <LI><STRONG><A HREF="msg09349.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG></LI> <UL> <LI><EM>From</EM>: Tim Basher <basher@alpha.CES.CWRU.Edu></LI> </UL> </UL> <!--X-References-End--> <!--X-BotPNI--> <HR> <UL> <LI>Prev by Date: <STRONG><A HREF="msg09354.html">Re: (ASCEND) Max TNT upgrade from 1.2ap12 to 1.3Ap6</A></STRONG> </LI> <LI>Next by Date: <STRONG><A HREF="msg09352.html">RE: (ASCEND) SNMP for CLID number?</A></STRONG> </LI> <LI>Prev by thread: <STRONG><A HREF="msg09349.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG> </LI> <LI>Next by thread: <STRONG><A HREF="msg09370.html">Re: (ASCEND) TNT : weakness in authentication process</A></STRONG> </LI> <LI>Index(es): <UL> <LI><A HREF="mail27.html#09355"><STRONG>Main</STRONG></A></LI> <LI><A HREF="thrd191.html#09355"><STRONG>Thread</STRONG></A></LI> </UL> </LI> </UL> <!--X-BotPNI-End--> <!--X-User-Footer--> <!--X-User-Footer-End--> </BODY> </HTML>