Re: (ASCEND) Intermittent LAN security errors

To: Jack Daniels <Ascend@Colloquium.co.uk>
Subject: Re: (ASCEND) Intermittent LAN security errors
From: Thaddaeus.Slany@bnv-gz.baynet.de (Thaddaeus Slany)
Date: Thu, 17 Dec 1998 15:53:56 GMT
Cc: ascend-users@bungi.com, technik@bnv-gz.baynet.de
In-Reply-To: <3.0.6.32.19981215195555.007bc4b0@pop3.colloquium.co.uk>
Organization: Technische Universitaet Muenchen
References: <3.0.6.32.19981215195555.007bc4b0@pop3.colloquium.co.uk>
Reply-To: Thaddaeus.Slany@bnv-gz.baynet.de
Sender: owner-ascend-users@max.bungi.com

On Tue, 15 Dec 1998 19:55:55 +0000, Jack Daniels <Ascend@Colloquium.co.uk>
wrote:

>Hi;
>
>Recently, our Ascend server has begun to intermittently report LAN security
>errors, when the username and password being supplied are correct.  Our
>system is configured as follows :-
>
>Ascend box :-
>Ascend Max 4060, System software v6.1.7, all 60 lines incoming are on a 
>
>Two RADIUS servers doing authentication :-
>Running Solaris 2.5.1, RADIUS v1.16 (Ascend extensions) 1998/18/06,
>dictionary 29.72 1998/08/18
>
>Rebooting the RADIUS servers and/or the Ascend servers had no effect.
>fsck'ing of all the filesystems on both RADIUS servers has shown no errors,
>and the details in the RADIUS users file are definitely correct, and
>correlate with the details that the users are supplying.  There seems to be
>no pattern at all - every so often, the Ascend server starts reporting LAN
>security errors for certain users, even when they are definitely supplying
>the correct details.
>
>Does anyone have any idea why this is happening ?  We've tried everything
>we could think of, and have been unable to rectify the problem.
>
>Thank you;
>Colloquium Internet Technical Support.

Hi!

Does the user -by mistake- request a specific ip-address from the
dynamically assigned dialin-pool? This could lead to a security error if
the requested ip is already in use by another user. On heavy loaded boxes
the chance to successfully use your own fixed ip-address from the
dynamically assigned pool is not very high!

I personally put back this behavior with "Trumpet Winsock 3.x". If you open
"File" -> "Setup" and then press "ok" after having successfully dialed in,
dynamically assigned ip-address is saved in Trumpet's config and the pseudo
ip-address "0.0.0.0" for dynamic ip assignment is overwritten! When you are
dialing in next time, Trumpet Winsock is using this saved ip-address
causing security errors if the address is already in use.

For confirmation you can check your detail file for constant ip addresses
of your problem users.

[cc ascend-users@bungi.com]

Best regards
--
Thaddaeus Slany, Technik Buergernetzverein Guenzburg e.V.
                 http://www.bnv-gz.baynet.de

Internet Mail: <highway@eikon.e-technik.tu-muenchen.de> or
               <Thaddaeus.Slany@bnv-gz.baynet.de>

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

References:
- (ASCEND) Intermittent LAN security errors
  - From: Jack Daniels <Ascend@Colloquium.co.uk>
- (ASCEND) Intermittent LAN security errors
  - From: Jack Daniels <Ascend@Colloquium.co.uk>

Prev by Date: Re: (ASCEND) Windows 98 dial-in to Ascend Max200+
Next by Date: (ASCEND) Pipeline 50HX
Prev by thread: Re: (ASCEND) Intermittent LAN security errors
Next by thread: (ASCEND) CBCP dialback failing modem negotiation? Bug?
Index(es):
- Date
- Thread