Radius ABM does indeed use SNMP as a back-channel, from what I
have heard on this list.
>Hmm.. this is an ISDN
>problem, and IIRC, the only way to tell a multilink from a multiple
>login is to compare the IP address.
I've tried that, but at authentication time the IP address is not
reported. At that point, the portmaster doesn't realize yet that
the login is the slave of an MPPP link.
Which raises the question, how would you prevent people from
logging in twice (account-sharing) but allow them to use multilink
PPP for a small extra fee? Because all phone calls are metered here
in Europe, people will use the MPPP option only a small part of the
time anyway.
Is there a way to find out if a call is indeed a slave MPPP link,
or is that simply not negotiated yet at login time? If it is,
are there plans to send this info to the RADIUS server, or
should I submit an RFE?
Hmm, of course, if you don't allow simultaneous logins, but
Session-Limit = 2, you could just assign the 2nd login the
same IP address. Works for MPPP, prevents the 2nd login from
working (and the first hehe)
>This bug causes the hypothetical
>"who's on" database to falsely contain a START record for which a STOP
>is never received. Therefore, when the user logs out and back in,
>unless they happen to get the same IP, the system would assume that
>they are already logged on and refuse them access.
Unless, of course, you use SNMP to do an extra check. There is at
least one completely free RADIUS server that does this, but it has
been said on this list so many times I'm not going to repeat it :)
Mike.
--
Miquel van Smoorenburg | The dyslexic, agnostic, insomniac lay in his bed
miquels@cistron.nl | awake all night wondering if there is a doG
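
The extra check discussed above (confirming a "who's on" entry with the NAS before refusing a login), as an added example that is not part of the original post or of any RADIUS server's code. `port_probe` is a hypothetical callback standing in for the SNMP query, and the NAS name, ports and users are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Session:
    user: str
    nas: str
    port: int

class WhoIsOn:
    """Session table fed by accounting START/STOP records."""

    def __init__(self, port_probe):
        # port_probe(nas, port) -> user on that port, or None if idle.
        # Hypothetical callback standing in for the SNMP query to the NAS.
        self.port_probe = port_probe
        self.sessions = set()

    def start(self, user, nas, port):
        self.sessions.add(Session(user, nas, port))

    def stop(self, user, nas, port):
        self.sessions.discard(Session(user, nas, port))

    def verified_sessions(self, user):
        """Keep only entries the NAS confirms; purge STARTs whose STOP was lost."""
        live = []
        for s in [s for s in self.sessions if s.user == user]:
            if self.port_probe(s.nas, s.port) == user:
                live.append(s)
            else:
                self.sessions.discard(s)
        return live

    def allow_login(self, user, session_limit=1):
        return len(self.verified_sessions(user)) < session_limit

def demo():
    # Constructed NAS state: bob is really on pm1 port 5; port 3 is idle.
    nas_state = {("pm1", 5): "bob"}
    table = WhoIsOn(lambda nas, port: nas_state.get((nas, port)))
    table.start("alice", "pm1", 3)   # alice's STOP record never arrived
    table.start("bob", "pm1", 5)
    return {
        "alice_relogin": table.allow_login("alice"),    # stale entry purged
        "bob_second_login": table.allow_login("bob"),   # refused at limit 1
        "bob_mppp_option": table.allow_login("bob", session_limit=2),
    }

if __name__ == "__main__":
    print(demo())
```

Raising `session_limit` to 2 admits a second channel but, as the post notes, does not by itself tell a multilink slave from a shared login.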