RE: (RADIATOR) Simulatnius-usae and Port-limit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi all, Port-Limit is not the solution. Neither is Simultaneous-Usage. I don't quite agree with you :-) Port-Limit is a reply-list item. If the NAS is multilink aware it should handle it. The issue here is what happens when either the second (well in fact not-the-first channel) comes up or another user tries to dial up from another box. We should permit the first case to go through (if it's a Port-Limit=2 user) but we shouldn't the second one. Here's an accounting trace from a Multilink user: This is the first link going up... Fri Aug 20 09:18:12 1999 Acct-Status-Type = Start Acct-Session-Id = "84089cd9" Acct-Delay-Time = 0 NAS-Port = 23 NAS-Port-Type = ISDN User-Name = "protect-the-innocent" Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "917089800" Acct-Multi-Session-Id = "84089cd9" Acct-Link-Count = "0001" Acct-Authentic = RADIUS Framed-IP-Address = x.x.x.41 NAS-IP-Address = x.x.x.248 Timestamp = 935133492 And this is the second (note NAS-Port-Type) Fri Aug 20 09:18:24 1999 Acct-Status-Type = Start Acct-Session-Id = "84089cdb" Acct-Delay-Time = 0 NAS-Port = 5001 NAS-Port-Type = Virtual User-Name = "protect-the-innocent" Service-Type = Framed-User Framed-Protocol = PPP Acct-Multi-Session-Id = "84089cd9" Acct-Link-Count = "0002" Acct-Authentic = RADIUS Framed-IP-Address = x.x.x.170 NAS-IP-Address = x.x.x.248 Timestamp = 935133502 Second channel going down: Fri Aug 20 09:34:21 1999 Acct-Status-Type = Stop Acct-Session-Id = "84089cdb" Acct-Session-Time = 958 Acct-Delay-Time = 0 NAS-Port = 5001 NAS-Port-Type = Virtual User-Name = "protect-the-innocent" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = x.x.x.170 Acct-Input-Octets = 9758 Acct-Output-Octets = 81036 Acct-Input-Packets = 155 Acct-Output-Packets = 370 Acct-Multi-Session-Id = "84089cd9" Acct-Link-Count = "0002" Acct-Terminate-Cause = User-Request Acct-Authentic = RADIUS NAS-IP-Address = x.x.x.248 Timestamp = 935134459 And here we have the first channel dying... Fri Aug 20 09:34:21 1999 Acct-Status-Type = Stop Acct-Session-Id = "84089cd9" Acct-Session-Time = 970 Acct-Delay-Time = 0 NAS-Port = 23 NAS-Port-Type = ISDN User-Name = "protect-the-innocent" Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = x.x.x.41 Called-Station-Id = "917089800" Acct-Input-Octets = 10019 Acct-Output-Octets = 79367 Acct-Input-Packets = 169 Acct-Output-Packets = 385 Acct-Multi-Session-Id = "84089cd9" Acct-Link-Count = "0002" Acct-Terminate-Cause = User-Request Acct-Authentic = RADIUS NAS-IP-Address = x.x.x.248 Timestamp = 935134459 We're using 5399 as NASen and, this is the funniest, we're not using Radiator as authenticator here (just as a proxy; but it will change soon). Anyway it's the same for the sake of the problem. If we look at the RADIUS RFC: 5.42. Port-Limit Description This Attribute sets the maximum number of ports to be provided to the user by the NAS. This Attribute MAY be sent by the server to the client in an Access-Accept packet. It is intended for use in conjunction with Multilink PPP [7] or similar uses. It MAY also be sent by the NAS to the server as a hint that that many ports are desired for use, but the server is not required to honor the hint. So perhaps Acct-Multi-Session-Id and maybe Acct-Link-Count too could provide a handle on solving the problem. Well it was quite a long message. Sorry... - -- Arturo Pina / [EMAIL PROTECTED] Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/) Tfno: +34 96 5845291 / Fax: +34 96 5844896 === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.1 for non-commercial use http://www.pgp.com iQA/AwUBN70ArmXwKH++xlSbEQK7OgCcCkpHKmCSZ0IJ3qlte+VVBEfUP1IAoIzU v7R0sOYEnLMQB3NPFTmvzzy7 =R9qT -END PGP SIGNATURE- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simulatnius-usae and Port-limit
Hi Arturo - Port-Limit is not the solution. Neither is Simultaneous-Usage. I don't quite agree with you :-) Port-Limit is a reply-list item. If the NAS is multilink aware it should handle it. The issue here is what happens when either the second (well in fact not-the-first channel) comes up or another user tries to dial up from another box. We should permit the first case to go through (if it's a Port-Limit=2 user) but we shouldn't the second one. Here's an accounting trace from a Multilink user: Thanks for the traces, but they only show Accounting-Request packets, not the initial Access-Request(s). If there is only one Access-Request, we may be able to do something by caching the Port-Limit in the SessionDatabase (this is hypothetical only - I haven't spoken to Mike about it). However, if the NAS sends an identical Access-Request for both (or more) channel connections, then there is still a problem as Radiator has no way of knowing what is going on. I think we all agree that there is a gray area in the Radius protocol regarding multilink PPP. Anyone have time to write an RFC? cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
Hi I think that every Nas that can give multilink PPP is bind to Port-Limit. As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and just count the port. I wonder if livingston radius do it by SNMP or just remember the session in the memory Hugh Irvine wrote: On Thu, 19 Aug 1999, David Lloyd wrote: On Wed, 18 Aug 1999, Arturo Pina wrote: Hi, Just to shed some light if I can... Michael is meaning that it's not the same to have a single user using 2 channels than two separate users using a channel each one. This way he would lose a customer for the price of a 128k dialup access might or might not be twice the price of a single access... If I recall every major NAS can handle this situation (known as Multilink PPP) and I always thought that Radiator did... I should go back over to read the Radius RFC but the Port-Limit attribute is thought exactly for this situation... I agree fully, we are facing the same thing here. We would like to have a global session limit of 1, and set each user's port-limit to the maximum number of channels they are alloted, becuase (for us) 128k ISDN (or 112k multilink analog) is cheaper than two 64k (or 56k) dialups. We have a one-login-per-computer policy, where a customer is not allowed to log in from more than one machine at a time. I am of the opinion that Radiator should if possible recognize a multilink connection as just one session! AAH Now I see what you are meaning - I'm not usually so thick. :~) I also see that it is going to get somewhat interesting, because this sort of behaviour will of course depend almost entirely on the NAS in question. If the NAS can indicate in the Radius Access-Request that the second channel request is in fact just that (multilink PPP) then we will be able to do something special. (Or indeed if the NAS is configured to accept additional channels depending on a returned Port-Limit - although accounting could get messy.) However, if the Access-Request from the NAS looks exactly like any other Access-Request, then we will have no way to determine whether the request is for the second channel of a multilink session, or for a completely different session using the same username and password. In which case a Simultaneous-Use for that user will be the only way to deal with it. If someone would like to do some testing, I'd be happy to assist. thanks to everyone who has commented Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
On Thu, 19 Aug 1999, Ben-Nes Michael wrote: Hi I think that every Nas that can give multilink PPP is bind to Port-Limit. As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and just count the port. I wonder if livingston radius do it by SNMP or just remember the session in the memory Radiator can be configured to do either of the above, but again if the NAS sends an identical radius request, there is no good solution. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
So how othe Radius server do this ? And what the livingston send that tell the Radius that its the second port of the current Session ? Hugh Irvine wrote: On Thu, 19 Aug 1999, Ben-Nes Michael wrote: Hi I think that every Nas that can give multilink PPP is bind to Port-Limit. As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and just count the port. I wonder if livingston radius do it by SNMP or just remember the session in the memory Radiator can be configured to do either of the above, but again if the NAS sends an identical radius request, there is no good solution. cheers Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
On Thu, Aug 19, 1999 at 04:56:11PM +0200, Ben-Nes Michael wrote: So how othe Radius server do this ? And what the livingston send that tell the Radius that its the second port of the current Session ? It's not able to do this. It can send Port-Limit = whatever You can configure Radiator to send the same Reply attribute, however, there's substantial caveats in the Livingston RADIUS server: http://www.livingston.com/tech/docs/radius/userinfo.html#1014088 Especially note that it only limits multilink ISDN sessions, it does not prevent two separate non-multilinked logins. It doesn't not solve the problem you face, you'll have to think of another way around it - static IPs, caller id, multilink session ids (if your NAS sends them - Cisco does). Port-Limit is not the solution. Neither is Simultaneous-Usage. [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simulatnius-usae and Port-limit
Especially note that it only limits multilink ISDN sessions, it does not prevent two separate non-multilinked logins. It doesn't not solve the problem you face, you'll have to think of another way around it - static IPs, caller id, multilink session ids (if your NAS sends them - Cisco does). Port-Limit is not the solution. Neither is Simultaneous-Usage. One workaround is to assign the user the same IP address each time via Framed-IP-Address. Depending on the NAS, the call will either be terminated or the original or the new call won't function properly (also depends on your routing configuration). For example, if 2 calls are placed to a single Bay 5399 and the same IP address is assigned to both, the 2nd call will be terminated after NCP is established because the IP address that the Radius-Accept packet has told the 5399 to use is already in use locally. Regards, Andrew === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 less customer. I think the should be considered as bug. any one know the email of the developing team ? Hugh Irvine wrote: Hello Michael - On Wed, 18 Aug 1999, Ben-Nes Michael wrote: In the Livingston Radius Manual Port-Limit is the controller of how many B channel a user can use. so i put in the replay attribute: Port-Limit = 2 and in the check attribute: Simultaneous-Use = 1 and i get all the time when an ISDN user want to connect in 128k: INFO: Access rejected for : Simultaneous-Use of 1 exceeded Right, I see - Port-Limit as a Livingston Reply item. Well you will probably have to do both in that case, for those users who use 128k. You should have a Simultaneous-Use = 2 Check item, together with a Port-Limit = 2 Reply item for those users who have purchased that service. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
On Wed, Aug 18, 1999 at 11:45:26AM +0200, Ben-Nes Michael wrote: But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 less customer. I think the should be considered as bug. any one know the email of the developing team ? You might be able to do something with a PreAuthHook (if you can distinguish, from your NAS RADIUS client, the difference between two separate 64K channels and the forming of 128k channel). There's probably not much you can do if you can't tell the difference based on RADIUS between the two (allocate a static IP?). [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
Hello Michael - On Wed, 18 Aug 1999, Ben-Nes Michael wrote: But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 less customer. I'm not sure I understand what you mean - if you have a customer using 128k, that customer will use 2 x 64k channels. If you have a 30 channel PRI (E1), you can support 15 x 128k customers or 30 x 64k customers, or anything in between. But you can never have more than 30 channels (or 24 in the US on a T1). I think the should be considered as bug. any one know the email of the developing team ? Mike reads this list, but he can't change telco bandwidth allocations. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simulatnius-usae and Port-limit
On Wed, 18 Aug 1999, Arturo Pina wrote: Hi, Just to shed some light if I can... Michael is meaning that it's not the same to have a single user using 2 channels than two separate users using a channel each one. This way he would lose a customer for the price of a 128k dialup access might or might not be twice the price of a single access... If I recall every major NAS can handle this situation (known as Multilink PPP) and I always thought that Radiator did... I should go back over to read the Radius RFC but the Port-Limit attribute is thought exactly for this situation... I agree fully, we are facing the same thing here. We would like to have a global session limit of 1, and set each user's port-limit to the maximum number of channels they are alloted, becuase (for us) 128k ISDN (or 112k multilink analog) is cheaper than two 64k (or 56k) dialups. We have a one-login-per-computer policy, where a customer is not allowed to log in from more than one machine at a time. I am of the opinion that Radiator should if possible recognize a multilink connection as just one session! . Dave Lloyd [EMAIL PROTECTED] === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simulatnius-usae and Port-limit
On Thu, 19 Aug 1999, David Lloyd wrote: On Wed, 18 Aug 1999, Arturo Pina wrote: Hi, Just to shed some light if I can... Michael is meaning that it's not the same to have a single user using 2 channels than two separate users using a channel each one. This way he would lose a customer for the price of a 128k dialup access might or might not be twice the price of a single access... If I recall every major NAS can handle this situation (known as Multilink PPP) and I always thought that Radiator did... I should go back over to read the Radius RFC but the Port-Limit attribute is thought exactly for this situation... I agree fully, we are facing the same thing here. We would like to have a global session limit of 1, and set each user's port-limit to the maximum number of channels they are alloted, becuase (for us) 128k ISDN (or 112k multilink analog) is cheaper than two 64k (or 56k) dialups. We have a one-login-per-computer policy, where a customer is not allowed to log in from more than one machine at a time. I am of the opinion that Radiator should if possible recognize a multilink connection as just one session! AAH Now I see what you are meaning - I'm not usually so thick. :~) I also see that it is going to get somewhat interesting, because this sort of behaviour will of course depend almost entirely on the NAS in question. If the NAS can indicate in the Radius Access-Request that the second channel request is in fact just that (multilink PPP) then we will be able to do something special. (Or indeed if the NAS is configured to accept additional channels depending on a returned Port-Limit - although accounting could get messy.) However, if the Access-Request from the NAS looks exactly like any other Access-Request, then we will have no way to determine whether the request is for the second channel of a multilink session, or for a completely different session using the same username and password. In which case a Simultaneous-Use for that user will be the only way to deal with it. If someone would like to do some testing, I'd be happy to assist. thanks to everyone who has commented Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
Yes its the easy way but: i don't want 2 64k Users to connect. Im selling the 128k as one unit non breakable. Hugh Irvine wrote: On Mon, 16 Aug 1999, Ben-Nes Michael wrote: Hi All If i put : Port-Limit = 2 and Simultaneous-Use = 1 can ISDN user connect in 128k ? Normally you would not use Port-Limit in this context, Port-Limit is for use in allocating total numbers of ports to particular groups of users. I would expect the correct approach to be to use Simultaneous-Use = 2, however this is dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query for each individual channel open, together with individual Starts and Stops. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
In the Livingston Radius Manual Port-Limit is the controller of how many B channel a user can use. so i put in the replay attribute: Port-Limit = 2 and in the check attribute: Simultaneous-Use = 1 and i get all the time when an ISDN user want to connect in 128k: INFO: Access rejected for : Simultaneous-Use of 1 exceeded Hugh Irvine wrote: On Mon, 16 Aug 1999, Ben-Nes Michael wrote: Hi All If i put : Port-Limit = 2 and Simultaneous-Use = 1 can ISDN user connect in 128k ? Normally you would not use Port-Limit in this context, Port-Limit is for use in allocating total numbers of ports to particular groups of users. I would expect the correct approach to be to use Simultaneous-Use = 2, however this is dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query for each individual channel open, together with individual Starts and Stops. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
RE: (RADIATOR) Simulatnius-usae and Port-limit
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Yup, yes, sí, oui :-) Or at least it should ... - -- Arturo Pina / [EMAIL PROTECTED] Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/) Tfno: +34 96 5845291 / Fax: +34 96 5844896 -Mensaje original- De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]En nombre de Ben-Nes Michael Enviado el: lunes, 16 de agosto de 1999 13:41 Para: '[EMAIL PROTECTED]' Asunto: (RADIATOR) Simulatnius-usae and Port-limit Hi All If i put : Port-Limit = 2 and Simultaneous-Use = 1 can ISDN user connect in 128k ? -- -- Canaan Surfing Ltd. Internet Service Providers Ben-Nes Michael - Manager Tel: 972-6-6925757 Fax: 972-6-6925858 http://www.canaan.co.il -- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -BEGIN PGP SIGNATURE- Version: PGPfreeware 6.5.1 for non-commercial use http://www.pgp.com iQA/AwUBN7fz72XwKH++xlSbEQKlJwCguGgaFPAn3bwmqbSzoQ9rABSk91UAn1Ca T9mY33oagdN4XC5p0zvSCSEI =7Tpk -END PGP SIGNATURE- === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Simulatnius-usae and Port-limit
On Mon, 16 Aug 1999, Ben-Nes Michael wrote: Hi All If i put : Port-Limit = 2 and Simultaneous-Use = 1 can ISDN user connect in 128k ? Normally you would not use Port-Limit in this context, Port-Limit is for use in allocating total numbers of ports to particular groups of users. I would expect the correct approach to be to use Simultaneous-Use = 2, however this is dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query for each individual channel open, together with individual Starts and Stops. hth Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.