Ascend Archive

Re: (ASCEND) multiple clients using *one* rad server





Ok, this is precisely what I thought - after perusing the MAX 1800
Radius Supplement, I attempted to use both NAS-Identifier and 
NAS-IP-Address ... neither works. ( by the way - what the hell's a
NAS, anyhow?? )

First off, here's an example of a user profile I've been toying with:

goober	Password = "fake" 
        NAS-Identifier = "netserv", 
        User-Service = Framed-User,
        Ascend-Metric = 1
        Ascend-Idle-Limit = 3000

Now, netserv is in the clients file ( the US Robotics NETServer ),
as well as visi-central ( the MAX 1800 ).

After doing an Update Remote Config on the MAX, then dialing into
it and logging in using the above user ... it lets me in. 
In fact, no matter what I put for NAS-Identifier ( quoted, non-quoted,
IP address, hostname, total garbage,  etc. ) - nothing seems
to be affected.

But if I copy the example you gave me, i.e. :

goober	Password = "fake", NAS-Identifier = "netserv"
	User-Service = Framed-User,
	Ascend-Metric = 1,
	Ascend-Idle-Limit = 3000

Then I get a Bad Password message on the MAX - which at first seems
like I accomplished my mission - but I *also* get an 'Invalid Login'
message from the NETServer ( netserv ). So either it doesn't do
anything to either router, *or* it hoses *both* of them.

Argh. What am I missing here?  I've tweaked with that profile in
every conceivable way and read and re-read the ( frustratingly
terse ) ascend radius documentation - alas, to no avail ...

I really don't want to set up two different radius daemons on 
different ports just to do this.

All advice is very much appreciated, thanks.


Beers,

Corey
corey@virtual-impact.com


On Tue, 14 Jul 1998 Willie.Meagher@ascend.com wrote:

> 
> 
> You can use either NAS-Identifier or NAS-IP-Address as a Check-Item in your
> Radius profiles.
> 
> e.g.  you have 2 NAS' sending requests to the same Radius server;  MAX1 and
> MAX2
> 
> You build a profile for a user named "willie", but you only want him to
> access your network via MAX1.  You can restrict him to that NAS by building
> the following profile in Radius
> 
> willie    Password = "whatever", NAS-Identifier = "MAX1"
>      User-Service = Framed-User,
>      Framed-Protocol = PPP,
>      Ascend-Assign-IP-Pool = 1
> 
> If I dial into MAX2, the authentication request forwarded to Radius will be
> rejected because the NAS-Identifier will not match the Check-Item in the
> Radius profile.
> 
> Willie
> Ascend Communications
> 
> 


++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>
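
Added example, not part of the original messages or of any RADIUS server's code: a simplified Python model of a Livingston-style users file, where attributes on a profile's first line are check items and attributes on the indented continuation lines are reply items. The names goober1 and goober2, the request dictionaries, the address 192.0.2.10 and the plaintext password comparison are assumptions made for the illustration.

```python
import re

# Constructed sample: both profile layouts from the thread, renamed so
# they can coexist in one file (goober1/goober2 are hypothetical names).
USERS = (
    'goober1\tPassword = "fake"\n'
    '\tNAS-Identifier = "netserv",\n'
    '\tUser-Service = Framed-User\n'
    'goober2\tPassword = "fake", NAS-Identifier = "netserv"\n'
    '\tUser-Service = Framed-User\n'
)

PAIR = re.compile(r'([\w-]+)\s*=\s*("[^"]*"|[^,\s]+)')

def pairs(text):
    """Parse 'Attr = value, Attr = "value"' into a dict."""
    return {k: v.strip('"') for k, v in PAIR.findall(text)}

def parse_users(text):
    """Return {user: (check_items, reply_items)}."""
    profiles, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":            # indented line: reply items
            if current is not None:
                profiles[current][1].update(pairs(line))
        else:                           # first line: name + check items
            parts = line.split(None, 1)
            current = parts[0]
            profiles[current] = (pairs(parts[1] if len(parts) > 1 else ""), {})
    return profiles

def authorize(profiles, request):
    """Accept only if every check item equals the request's attribute.
    Simplification: Password is compared as plaintext in this model."""
    entry = profiles.get(request.get("User-Name"))
    if entry is None:
        return "reject"
    checks, _reply = entry
    ok = all(request.get(attr) == want for attr, want in checks.items())
    return "accept" if ok else "reject"

def req(user, **attrs):
    """Build a constructed request; NAS_Identifier becomes NAS-Identifier."""
    r = {"User-Name": user, "Password": "fake"}
    r.update({k.replace("_", "-"): v for k, v in attrs.items()})
    return r

PROFILES = parse_users(USERS)
```

In this model a request that carries only NAS-IP-Address fails a NAS-Identifier check item, so it is worth confirming which of the two attributes each NAS actually sends before choosing the check item.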