[Ascend] Re: (ASCEND) New APX config issues

Fri Apr 6 11:54:58 CDT 2001

In article <3ACCE295.1D4A3F at lucentradius.com> you wrote:
> Paul Gregg wrote:
>  
>> However on the APX, if I use clid-prefer, I can reject the connection ok,
>> but the APX simply accepts non-rejected connections without a username
>> or password.  Not good.
> 
> In ComOS an empty reply to a pre-auth ment ask again.  In TAOS empty means
> don't ask as far as I know.  To force a second request when the call is
> answered add the following to the pre-auth reply:
> 
> Ascend-Require-Auth=Require-Auth

I tried this (with clid-prefer) and can see the following:

(Using Radiator)
Fri Apr  6 17:29:40 2001: DEBUG: Handling request with Handler 'Service-Type=Out
bound-User'
Fri Apr  6 17:29:40 2001: DEBUG: Deleting session for 02890425393, 212.108.64.10
4, 1
Fri Apr  6 17:29:40 2001: DEBUG: Handling with Radius::AuthFILE
Fri Apr  6 17:29:40 2001: DEBUG: Radius::AuthFILE looks for match with 028904253
93
Fri Apr  6 17:29:40 2001: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Fri Apr  6 17:29:40 2001: DEBUG: Radius::AuthFILE ACCEPT: 
Fri Apr  6 17:29:40 2001: DEBUG: Access accepted for 02890425393
Fri Apr  6 17:29:40 2001: DEBUG: Packet dump:
*** Sending to 212.108.64.104 port 7007 ....
Code:       Access-Accept
Identifier: 24
Authentic:  xxxxx
Attributes:
        Ascend-Require-Auth = Require-Auth

Which is what I would expect as the DEFAULT service has one reply of:
DEFAULT Service-Type = Outbound-User
        Ascend-Require-Auth = Require-Auth

As you can see I am using an Ascend dictionary file, but have renamed some
Attributes to remain compatible with the PM4, e.g. Framed-IP-Address
instead of Framed-Address, added in Call-Check, etc.  This will have no effect
on the APX as only values are passed back and forward. So, for now, I don't
need to update the format of my Auth handles, users file, mysql users, or
any Radius reply attrs.

However, as before the APX establishes the connection as soon as negotiation
is complete without requiring any authentication.

Paul.

PS. When I get this working, I promise I'll update RadiusReport for better
Ascend support (he said begging for help) ;-)
-- 
| Paul Gregg			|T: +44 (0) 28 90424190
| Technical Director		|F: +44 (0) 28 90424709
| The Internet Business Ltd	|W: http://www.tibus.com
| Holywood House, Innis Court	|E: info at tibus.com
| Holywood, Co Down, BT18 9HF	|P: pgregg at tibus.com

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request at bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>