Separate profiles for the same user at least.
>Here's what I have now.
>
>test Password = "test"
> Service-Type = Login-User,
> Login-IP-Host = 208.131.233.11,
> Login-Service = Telnet
>
>
>Here's what shows up in the log:
>
>Jan 2 10:05:39 sol radius[16547]: radrecv: Request from host 208.131.233.4 code=1, id=71, length=62
>Jan 2 10:05:39 sol radius[16547]: User-Name = "test"
>Jan 2 10:05:39 sol radius[16547]: Password = "\350Ji\255\210\3215\267j8\023<3\300\375\177"
>Jan 2 10:05:39 sol radius[16547]: NAS-IP-Address = 208.131.233.4
>Jan 2 10:05:39 sol radius[16547]: NAS-Port = 99
>Jan 2 10:05:39 sol radius[16547]: Service-Type = Outbound-User
>Jan 2 10:05:39 sol radius[10514]: Sending Accept of id 71 to io.mixi.net (208.131.233.4)
>Jan 2 10:05:39 sol radius[10514]: Service-Type = Outbound-User
>Jan 2 10:05:39 sol radius[10514]: Login-IP-Host = 208.131.233.11
>Jan 2 10:05:39 sol radius[10514]: Login-Service = Telnet
Um - I find that hard to believe. This is the log from THAT user? I don't
believe that is possible, as this log shows RADIUS sending back a Service-Type
of "Outbound-User" but the user entry is "Login-User".
You don't have another entry for 'test', or perhaps a DEFAULT user, before
this user entry, do you? Or is this log from an earlier trial? And since
the PM hinted that this was an Outbound-User this was not a log from a
dialin attempt...
>I've tried various combinations of Service-Type, port configuration,
>etc. I'm not at my wit's end, exactly; I just don't know what to do.
>I don't fully understand Service-Type and Login-Service; they seem to
>conflict a little bit.
Login-Service is only used with a Service-Type of Login-User, Outbound-User,
or Callback-Login-User.
First of all you need to have the ports set up to allow inbound shell AND
PPP users. 'set all login network dialin'. And 'set all security on'.
You'll need two entries. To do the auto-detect like mgetty:

user Auth-Type = Local, Password = "password", Framed-Protocol = PPP
	Service-Type = Framed-User,
	Framed-Protocol = PPP,
	Framed-IP-Address = 255.255.255.254,
	Framed-IP-Netmask = 255.255.255.255,
	Framed-Routing = None,
	Framed-Compression = Van-Jacobson-TCP-IP,
	Framed-MTU = 1500

user Auth-Type = Local, Password = "password"
	Service-Type = Login-User,
	Login-Service = Telnet,
	Login-IP-Host = 208.131.233.11

The first entry will match the user when there is a 'hint' of PPP sent.
NASes can do this when they see PPP started by the user, they know the
user is trying PPP so they can include a 'Framed-Protocol' value in
the Auth-Request to 'hint' to RADIUS what is wanted.
If the hint is not present it will fall through to the second entry, which
is the telnet profile.
-MZ
--
Lucent Remote Access Division - Chair, Department of Interstitial Affairs
Phone: 800-458-9966 510-737-2100 FAX: 510-737-2110
megazone@livingston.com
For support requests: support@livingston.com
<http://www.livingston.com/>
Snail mail: 4464 Willow Road, Pleasanton, CA 94588
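
Added example, not part of the original message and not Livingston's code: a simplified Python model of the first-match users-file lookup described above, showing how the Framed-Protocol hint selects the PPP profile and how its absence falls through to the telnet profile. The function names are hypothetical, the request password is assumed to be already decoded, and every check item except Auth-Type is assumed to be compared literally.

```python
# Simplified model of first-match lookup in a RADIUS users file.
# Assumptions: decoded password, literal check-item comparison, Auth-Type ignored.

USERS = '''\
user Auth-Type = Local, Password = "password", Framed-Protocol = PPP
    Service-Type = Framed-User,
    Framed-Protocol = PPP
user Auth-Type = Local, Password = "password"
    Service-Type = Login-User,
    Login-Service = Telnet,
    Login-IP-Host = 208.131.233.11
'''

def parse_pairs(text):
    """Turn 'A = x, B = "y"' into {'A': 'x', 'B': 'y'}."""
    pairs = {}
    for item in text.split(","):
        if "=" in item:
            key, value = item.split("=", 1)
            pairs[key.strip()] = value.strip().strip('"')
    return pairs

def parse_users(text):
    """Unindented line: name plus check items. Indented lines: reply items."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":
            entries[-1]["reply"].update(parse_pairs(line))
        else:
            name, _, checks = line.partition(" ")
            entries.append({"name": name, "check": parse_pairs(checks), "reply": {}})
    return entries

def authorize(entries, request):
    """Return the reply items of the first entry whose check items all match."""
    for entry in entries:
        if entry["name"] not in (request["User-Name"], "DEFAULT"):
            continue
        checks = {k: v for k, v in entry["check"].items() if k != "Auth-Type"}
        if all(request.get(k) == v for k, v in checks.items()):
            return entry["reply"]
    return None  # no entry matched: reject

ENTRIES = parse_users(USERS)

if __name__ == "__main__":
    base = {"User-Name": "user", "Password": "password"}  # constructed requests
    print(authorize(ENTRIES, {**base, "Framed-Protocol": "PPP"}))
    print(authorize(ENTRIES, base))
```

In this model, an entry placed ahead of these two whose check items also match (an earlier duplicate or a DEFAULT) wins the lookup, which is the situation the reply above asks about.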