I'm using Cisco preauth feature on an AS5300 series acting as standard modem
RAS against a FreeRADIUS. I use it to blacklist some ANIs that aren't
allowed to put a call on my gear, and I need to do it before the call gets
answered.
It is working great in the sense that I get the blacklisted numbers rejected
without sending an Answer signal on the PSTN line, due to that Cisco's
preauth feature makes it to do an Access-Request before it answers the call,
but FR treats it as a normal packet, with the only detail that it has lesser
information (i.e, in the modem RAS case, you dont have the real UserName
until you answer the call and modem negotiation ends up, so Cisco normally
lets you put the DNIS or ANI or something in the UserName field and
password).
The only two details is this and the fact that from FR's point of view, the
NAS will be doing Auth twice, one for the "preauth" fase on the cisco, and
another for the real "auth" fase. So you will be seeing two Access-Request
packets from NAS.
Ing. Paolo Rotela
Jefe Técnico
Blue Telecom
----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Wednesday, October 05, 2005 3:41 PM
Subject: Re: Call-Check
"Jonathan De Graeve" <[EMAIL PROTECTED]> wrote:
>From the site:
RADIUS Debugging File
FreeRADIUS server does not support preauthentication. There is no
example for this case.
I'm not sure it's true.
Please configure the pre-authentication as they describe, run
FreeRADIUS in debugging mode, and try using preauthentication. Post
the results to the list.
Also, configure ACS (or a server that *does* support
preauthenticat), run some requests, capture the output with tcpdump,
and post the capture file on a web page.
From what I can see of Table 10, they're not doing anything magic.
There's no reason why you can't configure preauthentication using
FreeRADIUS.
Alan DeKok.
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html