RE: RE: (ASCEND) False radius information

TO: ascend-users@bungi.com, Willie.Meagher@ascend.com
Subject: RE: RE: (ASCEND) False radius information
From: Edwin_Everett@cargill.com
Date: Wed, 26 May 1999 20:23:55 -0500
Sender: owner-ascend-users@max.bungi.com


I'm seeing these every time someone tries to dial in, not just when the 
1800 boots. That's what had me concerned. Any reason why these would 
keep coming?

edwin_everett@cargill.com

-----Original Message-----
From: Willie.Meagher@ascend.com [mailto:Willie.Meagher@ascend.com]
Sent: Wednesday, May 26, 1999 11:33 AM
To: 'ascend-users@bungi.com'
Subject: RE: (ASCEND) False radius information





I'm assuming SDI/Radius means Security Dynamics Radius i.e. ACE
authentication.

On each Client that you define on the ACE server, a list of users are
activated for that user.

When the MAX 1800 boots up, the MAX sends out a list of authentication
requests which are used to retrieve configuration information from 
Radius
e.g. pools, banners, etc.   These are treated by Radius as ordinary
authentication requests.  When these usernames are looked up on the ACE
server, these users will not be listed as valid users for that client 
which
I believe is what's generating those messages you're seeing.

Unfortunately right now, there's no way to disable the generation of 
these
authentication requests when the MAX boots up.  A feature to allow you 
to
do so will be added in TAOS 8.0

Another option would be to put an entry for each of these configuration
profiles in your users file on the Radius server. That would prevent the
usernames being passed to the ACE server.  You could use a bogus 
password
so the authentication requests are rejected. Let me know if you want to 
do
this and I can forward you a complete list of all the different config
requests generated by the MAX at boot up time (or when you do an Update 
Rem
Cfg)

However, having said all that, the errors themselves shouldn't cause any
problems and shouldn't be of too much concern.

Willie Meagher






Edwin_Everett@cargill.com on 05/26/99 09:33:00 AM

To:   ascend-users@bungi.com
cc:
Subject:  RE: (ASCEND) False radius information




I saw that Jason Nealis had posted a similar question but no responses
are available...so here goes...

I have a new 1800 that is trying to auth to SDI/Radius. The SDI/Radius
logmons are showing something like

User <pools-/192.192.192.111> User not on client
User <dovbs1-/192.192.192.111> User not on client
User <permconn-/192.192.192.111> User not on client
User <init-banner-/192.192.192.111> User not on client

Can someone point us in the right directionas to what's incorrectly set
on the MAX1800 were using?

Thanks

edwin_everett@cargill.com

WINMAIL.DAT

Prev by Date: (ASCEND) BACP between Pipeline 130 and Cisco 3640 (11.3)
Next by Date: (ASCEND) Re: BACP between Pipeline 130 and Cisco 3640 (11.3)
Prev by thread: RE: (ASCEND) False radius information
Next by thread: (ASCEND) SNMP MIB for Connects/Fails
Index(es):
- Date
- Thread