Re: (ASCEND) CHAP Authentication in Access Control RADIUS Profiles

[basher@alpha.ces.cwru.edu (Tim Basher)]

> Can I set the MAX NAS servers to PAP (allowing NT authentication), and
> include additional RADIUS parameters into the RADIUS profiles above to
> preserve CHAP on these specific profiles?  If so which attributes need
> to be added???

No, you cannot.  The reason is during normal user authentication, a RADIUS
message is not sent from the MAX to the RADIUS server until it has gathered
the authentication information.  At that point in time, the MAX has already
chosen either PAP or CHAP.
 
It seems to me that if you have more than one MAX that you set up one
(or more) MAX for CHAP authentication and the one (or more) MAX for
PAP authentication and just make sure that the users call the correct
phone number then you would not need to do anything fancy.

Alternatively, if you just switch the Pipelines to use PAP rather than CHAP
then you do not need separate phone numbers and both users could then
authenticate.

In theory, *if* there was a RADIUS parameter supported by the MAX that
could allow you to over-ride the Answer profile's Recv Auth parameter,
AND you were doing Id Auth (CLID or DNIS authentication) to do first
stage authentication AND you then required second stage user authentication
AND you set up separate phone numbers for your Pipelines, *then* you could
change the behavior of the MAX when it tried to do user authentication and
you could do what you desire.  But that is quite a set of conditions.

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

---

• Prev by Date: Re: (ASCEND) 6.0.10 for Max
• Next by Date: (ASCEND) Pool Leak Rant
• Prev by thread: (ASCEND) CHAP Authentication in Access Control RADIUS Profiles
• Next by thread: (ASCEND) Expect script wanted:
• Index(es):
  • Main
  • Thread