> MegaZone writes:
[..]
> >You'll need two entries. To do the auto-detect like mgetty:
> >
> >[...]
> >
> >The first entry will match the user when there is a 'hint' of PPP sent.
> >NASes can do this when they see PPP started by the user, they know the
> >user is trying PPP so they can included a 'Framed-Protocol' value in
> >the Auth-Request to 'hint' to RADIUS what is wanted.
> >
> >If the hint is not present it will fall through to the second entry, which
> >is the telnet profile.
>
>
> That all makes sense, and almost works. Here's my config:
>
> testing Password = "testing"
> Service-Type = Framed-User,
> Framed-Protocol = PPP,
> Framed-IP-Address = 255.255.255.254,
> Framed-Routing = None,
> Framed-MTU = 1500
This should be:
testing Password = "testing", Framed-Protocol = PPP <-------
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Framed-Routing = None,
Framed-MTU = 1500
Here is why you need the "Framed-Protocol" there.. The format of a RADIUS
entry is like this:
<username> <requirements_to_authenticate>, ... , ...
<options_after_authenticated>,
....,
...
Adding the "Framed-Protocol" line to the top under "requirements" means
that the connection must be a PPP connection _already_ for this profile to
be used at all. When in the case of a dial-up user using PAP the
connection becomes PPP immediately upon connect before authentication of
any type has occurred.
> testing Password = "testing"
> Service-Type = Login-User,
> Login-Service = Telnet,
> Login-IP-Host = 208.131.233.11
>
> When I dial in non-PPP (hyperterminal) I get a login prompt, log in,
> and then the PM starts PPP!
>
[..]
----
Josh Richards - <jrichard@livingston.com>
Beta Engineer
Lucent Technologies (Remote Access Business Unit)
(previously Livingston Enterprises, Inc.)
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.