At 04:44 PM 3/27/2002 +0000, stuartc wrote:
> >
> > I think you're confused as to how RADIUS works.
>
>I think you might be confused as to what I need.....
>
> > - There will NEVER be a 'Acct-Session-Id' in an authentiction packet
>
>Please see debug below, on all stages of the call the Acct-Session-Id =
>"00000660" is clear...All I wanna do is use this to disconnect the call
>
> >
> > - If you know in the authentication packet that you want to disconnect
> > the user, you just send an Access-Reject. You don't need to send
> > a disconnect packet
>
>I can't send an access reject it is too late in the training up process I
>want to reject on the number dialed but after the call has been answered
>by the NAS, I know this is non standard I want to know if there is a way
>round doing this.
Ahhhh, you want to do 'call-check'. If you have ISDN, and your NAS
supports it, you can do a two-stage authentication as follows:
o Call set up signalling is received by NAS.
o NAS sends clid ( call-from/call-to ) to Radius Server.
o Radius Server replies with:
- Reject - NAS presents busy signal to user and drops call.
- Accept - NAS hands call off to modem for "normal" answering.
o Modems negotiate, NAS does "normal" Radius authentication for the
user.
This is feature that has to be supported by the NAS. I know that Livingston
PM3's did this. I believe cisco can do this as well.
You'll need to find out whether your particular NAS support this, as that
is the only way to do this the way you want.
Your only other alternative is to supply a 'Reject' at the normal
authentication time, which will drop the users call.
-Chris
--
\\\|||/// \ StarNet Inc. \ Chris Parker
\ ~ ~ / \ WX *is* Wireless! \ Director, Engineering
| @ @ | \ http://www.starnetwx.net \ (847) 963-0116
oOo---(_)---oOo--\------------------------------------------------------
\ Wholesale Internet Services - http://www.megapop.net
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
