I'm using the Cisco preauth feature on an AS5300 series acting as a standard modem RAS against FreeRADIUS. I use it to blacklist some ANIs that aren't allowed to place a call on my gear, and I need to do it before the call gets answered.

It is working great in the sense that I get the blacklisted numbers rejected without sending an Answer signal on the PSTN line, because Cisco's preauth feature makes it do an Access-Request before it answers the call, but FR treats it as a normal packet, with the only detail being that it has less information (i.e., in the modem RAS case, you don't have the real UserName until you answer the call and modem negotiation finishes, so Cisco normally lets you put the DNIS or ANI or something in the UserName field and password).

The only two details are this and the fact that, from FR's point of view, the NAS will be doing Auth twice: once for the "preauth" phase on the Cisco, and again for the real "auth" phase. So you will be seeing two Access-Request packets from the NAS.

Ing. Paolo Rotela
Technical Manager
Blue Telecom
----- Original Message -----
From: "Alan DeKok" <[EMAIL PROTECTED]>
To: "FreeRadius users mailing list" <freeradius-users@lists.freeradius.org>
Sent: Wednesday, October 05, 2005 3:41 PM
Subject: Re: Call-Check


"Jonathan De Graeve" <[EMAIL PROTECTED]> wrote:
> From the site:
> RADIUS Debugging File
> FreeRADIUS server does not support preauthentication. There is no
> example for this case.

 I'm not sure it's true.

 Please configure the pre-authentication as they describe, run
FreeRADIUS in debugging mode, and try using preauthentication.  Post
the results to the list.

 Also, configure ACS (or a server that *does* support
preauthentication), run some requests, capture the output with tcpdump,
and post the capture file on a web page.

 From what I can see of Table 10, they're not doing anything magic.
There's no reason why you can't configure preauthentication using
FreeRADIUS.

 Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
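
The two-request flow described in this thread, as an added example that is not part of the original messages and is not FreeRADIUS or Cisco code. It assumes the NAS marks the pre-auth request with Service-Type = Call-Check (RFC 2865 value 10) and carries the ANI in Calling-Station-Id; the function names, phone numbers and user name are constructed for illustration.

```python
import struct

# RFC 2865 attribute numbers; Service-Type 10 is Call-Check (assumed pre-auth marker).
USER_NAME, SERVICE_TYPE, CALLING_ID = 1, 6, 31
ACCESS_REQUEST, CALL_CHECK = 1, 10
BLACKLISTED_ANIS = {"5550100"}  # constructed sample blacklist


def build_request(ident, attrs):
    """Encode an Access-Request (constructed test input, zeroed authenticator)."""
    body = b""
    for atype, value in attrs:
        raw = struct.pack("!I", value) if isinstance(value, int) else value.encode()
        body += bytes([atype, len(raw) + 2]) + raw
    return struct.pack("!BBH16s", ACCESS_REQUEST, ident, 20 + len(body), b"") + body


def parse_request(packet):
    """Return {attribute type: raw value} after checking header and lengths."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs[atype] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def decide(packet):
    """Classify the phase; apply the ANI blacklist to the pre-auth request only."""
    attrs = parse_request(packet)
    service = attrs.get(SERVICE_TYPE, b"")
    if len(service) != 4 or struct.unpack("!I", service)[0] != CALL_CHECK:
        return ("auth", "continue")  # second request: real user, normal policy
    ani = attrs.get(CALLING_ID, b"").decode("ascii", "replace")
    return ("preauth", "reject" if ani in BLACKLISTED_ANIS else "accept")


# Constructed sample: the two Access-Requests seen for one call.
PREAUTH = build_request(1, [(USER_NAME, "5550100"), (SERVICE_TYPE, CALL_CHECK), (CALLING_ID, "5550100")])
AUTH = build_request(2, [(USER_NAME, "alice"), (CALLING_ID, "5550100")])
```

A pre-auth request with no Calling-Station-Id is accepted here because an empty ANI is not on the blacklist; whether to reject such calls instead is a local policy choice.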

