(ASCEND) Steel-Belted RADIUS, RADIATOR, or AAC

To: "'ascend-users@max.bungi.com'" <ascend-users@max.bungi.com>
Subject: (ASCEND) Steel-Belted RADIUS, RADIATOR, or AAC
From: "Llabona, Nelson" <nllabona@Harris.COM>
Date: Fri, 31 Jul 1998 10:37:21 -0400
Sender: owner-ascend-users@max.bungi.com

Group,

I sent this 3 days ago and have yet to get any feedback.  Can any commercially
available RADIUS product do this ?

One possible solution, is to have a RADIUS service that separates the users
file,
i.e. vpn.users, max.users, 3com.users.  Where a user may be in one or more
of these ".users" files, yet be given the correct RADIUS "reply-items" unique
to the NAS server the user accessed.

Sincerely,
Nelson Llabona

	-----Original Message-----
	...
	I would like to know if any of you have ran into this yet, and if so
what
	you did to solve this problem.

	We are currently evaluating Steel-Belted RADIUS.

	We would like to support VPN and Ascend Dial-In service using 1 RADIUS
server.
	All RADIUS authentication requests would be forwarded to NT.
	Here is my dilema,
	user_A belongs to the VPN NT group and needs x specific RADIUS reply
attributes.
	user_B belongs to the ASCEND NT group and needs y specific RADIUS reply
attributes.
	user_C belongs to both the VPN and ASCEND NT group and
	        needs x specific RADIUS reply attributes when connecting through
VPN,
	        but need y specific RADIUS reply attributes when dialing in
through ASCEND.

	I think I can support user_A and user_B, using the
	NAS-Identifier IP address as a check item.
	But what do I do about user_C.

	If I understand the way radius works, sequentially, or top down,
	then the following will happen if user_C is defined in the VPN
	NT group AND the ASCEND NT group.

	If user_C comes in through VPN and RADIUS goes sequentially down
	the "users" file and finds his account in the VPN NT group he is
	authenticated and given the correct x attributes.

	If user_C comes in the ASCEND and RADIUS goes sequentially
	down the "users" file, it find his name in the VPN NT group,
	but the NAS-Identifier check item is invalid, so authentication
	fails.  RADIUS does not continue to look through the rest of the "users"
	file to find his other user_C account under the ASCEND NT group.
++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: (ASCEND) MPP config help needed
Next by Date: (ASCEND) 100 Cause Code
Prev by thread: (ASCEND) 100 Cause Code
Next by thread: (ASCEND) MPP config help needed
Index(es):
- Main
- Thread