On Thu, 19 Aug 1999, David Lloyd wrote:
> On Wed, 18 Aug 1999, Arturo Pina wrote:
>
> > Hi,
> > Just to shed some light if I can...
> > Michael is meaning that it's not the same to have a single user using
> > 2 channels than two separate users using a channel each one. This
> > way he would lose a customer for the price of a 128k dialup access
> > might or might not be twice the price of a single access...
> > If I recall every major NAS can handle this situation (known as
> > Multilink PPP) and I always thought that Radiator did... I should go
> > back over to read the Radius RFC but the Port-Limit attribute is
> > thought exactly for this situation...
>
> I agree fully, we are facing the same thing here. We would like to have a
> global session limit of 1, and set each user's port-limit to the maximum
> number of channels they are alloted, becuase (for us) 128k ISDN (or 112k
> multilink analog) is cheaper than two 64k (or 56k) dialups. We have a
> one-login-per-computer policy, where a customer is not allowed to log in
> from more than one machine at a time.
>
> I am of the opinion that Radiator should if possible recognize a multilink
> connection as just one session!
AAHHHHH!!!! Now I see what you are meaning - I'm not usually so thick. :~)
I also see that it is going to get somewhat interesting, because this sort of
behaviour will of course depend almost entirely on the NAS in question. If the
NAS can indicate in the Radius Access-Request that the second channel request
is in fact just that (multilink PPP) then we will be able to do something
special. (Or indeed if the NAS is configured to accept additional channels
depending on a returned Port-Limit - although accounting could get messy.)
However, if the Access-Request from the NAS looks exactly like any other
Access-Request, then we will have no way to determine whether the request is
for the second channel of a multilink session, or for a completely different
session using the same username and password. In which case a Simultaneous-Use
for that user will be the only way to deal with it.
If someone would like to do some testing, I'd be happy to assist.
thanks to everyone who has commented
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
