Re: RADIUS authentication on dialout

Frank Heinzius (frimp@mms-gmbh.de)
Mon, 6 Nov 1995 11:40:39 +0000

On 3 Nov 95 at 21:25, Brian 'MegaZone' Bikowicz wrote:

> Once upon a time David Ackerman shaped the electrons to say...
> >Has anyone been able to use RADIUS authentication on dialout? We have a
>
> Remote Authentication Dial *IN* User Service. ;-)
>
> It isn't called for dialout.
>

Why not? Using outbound security as described in appendix D (old
manual), you may use RADIUS for authentication ;-)

> >I have no problem adding another prefix to our modified radiusd, but that
> >is moot if the PM can't use it. I have already asked Livingston support
>
> It isn't supported at this time, the ComOS doesn't call to Radius for
> dialout. It would require a client side modification to do this. You
> could open an RFE to have this in a future release.

Or use outbound security. Define the device_service for your serial
ports for telnet and a port number between 10000 and 10100. Then
define dialout users in your RADIUS database, for example

s1      Password = "UNIX"
        User-Service-Type = Login-User,
        Login-Host = x.x.x.x,           (ip address of this portmaster)
        Login-Service = Telnet,
        Login-TCP-Port = 10001

Now dialout connections are authenticated and accounted by RADIUS.

If you want additional functions like blacklisting of phone numbers,
you can use the U.S.Robotics Total Control Modemrack with SNMP
extensions. There you have the TC Security Server, which allows
blacklisting and authentication based on RADIUS. A Windows-based
RADIUS server is shipped with it, but *shudder*...
Better use existing RADIUS servers.

regards,
Frank

--
***** The expressed opinions are totally mine! *****
Frank M. Heinzius           MMS Communication GmbH
frimp@mms-gmbh.de           Eiffestrasse 598
Phone: +49 40 211105-0      Fax: +49 40 210 32 210
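
Added example, not part of the original message or of any Livingston tool: a small audit of a users file for the dialout entries described above, checking that each one is a Telnet Login-User entry pointing at the PortMaster on a port in the 10000 to 10100 range. The sample entries, the 192.0.2.10 address, the function names and the inclusive reading of the port range are assumptions made for illustration.

```python
import re

# Constructed sample in the users-file layout shown in the message. The host
# address is a documentation-range placeholder, not a value from the post.
SAMPLE = """\
s1 Password = "UNIX"
    User-Service-Type = Login-User,
    Login-Host = 192.0.2.10,
    Login-Service = Telnet,
    Login-TCP-Port = 10001

s2 Password = "UNIX"
    User-Service-Type = Login-User,
    Login-Host = 192.0.2.10,
    Login-Service = Telnet,
    Login-TCP-Port = 23
"""

# Attribute = value, where the value is either quoted or runs to a comma/space.
PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("[^"]*"|[^,\s]+)')

def parse_users(text):
    """Return {user: {attribute: value}}; indented lines continue an entry."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():  # an unindented line starts a new entry
            name, line = (line.split(None, 1) + [""])[:2]
            current = users.setdefault(name, {})
        if current is not None:
            for attr, value in PAIR.findall(line):
                current[attr] = value.strip('"')
    return users

def audit_dialout(users, portmaster, low=10000, high=10100):
    """Return (user, problem) pairs for entries that break the dialout pattern."""
    problems = []
    for name, attrs in users.items():
        for attr, want in (("User-Service-Type", "Login-User"),
                           ("Login-Service", "Telnet"),
                           ("Login-Host", portmaster)):
            if attrs.get(attr) != want:
                problems.append((name, f"{attr} is not {want}"))
        port = attrs.get("Login-TCP-Port", "")
        if not (port.isdigit() and low <= int(port) <= high):
            problems.append((name, f"Login-TCP-Port {port or 'missing'} outside {low}-{high}"))
    return problems

if __name__ == "__main__":
    for user, problem in audit_dialout(parse_users(SAMPLE), "192.0.2.10"):
        print(f"{user}: {problem}")
```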