Hello Danny -
On Wed, 02 Feb 2000, Danny Whitesel wrote:
>
> In looking over the examples in /goodies, the documenation regarding AuthBy
> SQL and the example database created with mysqlCreate.sql, I am a bit
> confused over one issue. How do "check attributes" come into during a RADIUS
> authentication? Again, I am a bit new to RADIUS and do not yet have a full
> grasp on the protocol.
>
> As I understand it, the NAS send a RADIUS request to the RADIUS server
> consisting of an encrypted username and password. That username and password
> is checked against an authentication database of some type and is either
> rejected or athenticated. An authentication is accompanied by attributes
> that give the NAS certain configuration parameters for that particular
> session.
>
> This brings me to ask the question, "Where do "check attributes" come into
> play." I assume these "check attributes" are sent by the NAS? But, what
> determines their value? Do I need to implement any "check attributes" in my
> config? How will I know if I do? At present, our needs are pretty basic and
> straight forward:
>
> - one 3Com Total Control hub
> - one domain
> - mostly 56K dialups, but a handfull of ISDN centrexes rolling in which
> require static IPs and no timeouts
>
Check attributes do not necessarily have to be present in the incoming radius
request, although they can be if a user is trying to telnet into a box for
example, or dialling in to a particular phone number. Other check attributes
from Radiator's point of view could be the number of concurrent channels the
user is allowed to dial up, the time of day that he is allowed to dial up, etc.
Have a look at section 13.1 in the Radiator 2.14.1 reference manual for a
discussion on check items.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
