Hi Arturo -

> > Port-Limit is not the solution. Neither is Simultaneous-Usage.
> > 
> I don't quite agree with you :-)
> Port-Limit is a reply-list item. If the NAS is multilink aware it
> should handle it.
> The issue here is what happens when either the second (well in fact
> not-the-first channel) comes up or another user tries to dial up from
> another box. We should permit the first case to go through (if it's a
> Port-Limit=2 user) but we shouldn't the second one.
> Here's an accounting trace from a Multilink user:
> 

Thanks for the traces, but they only show Accounting-Request packets, not the
initial Access-Request(s). If there is only one Access-Request, we may be able
to do something by caching the Port-Limit in the SessionDatabase (this is
hypothetical only - I haven't spoken to Mike about it). However, if the NAS
sends an identical Access-Request for both (or more) channel connections, then
there is still a problem as Radiator has no way of knowing what is going on.

I think we all agree that there is a gray area in the Radius protocol regarding
multilink PPP. Anyone have time to write an RFC?

cheers

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to