subject:"Re\: \(RADIATOR\) Simulatnius\-usae and Port\-limit"

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-23 Thread Arturo Pina


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,
I've forwarded the traces to Hugh directly as them contained lots of
info I think won't interest most of you. Anyway if someone would like
to see them just feel free to drop me a note.
Cheers,

- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896

> -Mensaje original-
> De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Enviado el: sábado, 21 de agosto de 1999 1:24
> Para: Arturo Pina; tom minchin; [EMAIL PROTECTED]
> Asunto: RE: (RADIATOR) Simulatnius-usae and Port-limit
>
>
>
> Hi Arturo -
>
> > > Port-Limit is not the solution. Neither is Simultaneous-Usage.
> > >
> > I don't quite agree with you :-)
> > Port-Limit is a reply-list item. If the NAS is multilink aware it
> > should handle it.
> > The issue here is what happens when either the second (well in
> > fact not-the-first channel) comes up or another user tries to
> > dial up from another box. We should permit the first case to go
> > through (if it's a Port-Limit=2 user) but we shouldn't the second
> > one. Here's an accounting trace from a Multilink user:
> >
>
> Thanks for the traces, but they only show Accounting-Request
> packets, not the
> initial Access-Request(s). If there is only one Access-Request,
> we may be able
> to do something by caching the Port-Limit in the SessionDatabase
> (this is hypothetical only - I haven't spoken to Mike about it).
> However,  if the NAS sends an identical Access-Request for both (or
> more) channel  connections, then there is still a problem as
> Radiator has no way of knowing what  is going on.
>
> I think we all agree that there is a gray area in the Radius
> protocol regarding
> multilink PPP. Anyone have time to write an RFC?
>
> cheers
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS
> server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on
> Unix, Win95/8, NT, Rhapsody

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN8I3eGXwKH++xlSbEQJVuQCff3HJC7GVqhwst9OdgaCq10JLn7YAnArX
zBpDwGoNG4vxqcFWFjVXR+v2
=1Vv2
-END PGP SIGNATURE-


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-23 Thread Arturo Pina


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi again :-(,
I'm quite certain that there's an access request for each channel. I
don't think the access request is identical, and it's really
difficult for me to get a trace, but I'll try and we'll see...
Bear in mind that in a multilink connection it's possible to fire up
just one channel and  an hour later fire up the second, so there must
be a second access request. But I'm quite sure that it shouldn't be
very difficult to cope with it as there are other RADIUS products
that do :-)
Cheers,

- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896

> -Mensaje original-
> De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Enviado el: sábado, 21 de agosto de 1999 1:24
> Para: Arturo Pina; tom minchin; [EMAIL PROTECTED]
> Asunto: RE: (RADIATOR) Simulatnius-usae and Port-limit
>
>
>
> Hi Arturo -
>
> > > Port-Limit is not the solution. Neither is Simultaneous-Usage.
> > >
> > I don't quite agree with you :-)
> > Port-Limit is a reply-list item. If the NAS is multilink aware it
> > should handle it.
> > The issue here is what happens when either the second (well in
> > fact not-the-first channel) comes up or another user tries to
> > dial up from another box. We should permit the first case to go
> > through (if it's a Port-Limit=2 user) but we shouldn't the second
> > one. Here's an accounting trace from a Multilink user:
> >
>
> Thanks for the traces, but they only show Accounting-Request
> packets, not the
> initial Access-Request(s). If there is only one Access-Request,
> we may be able
> to do something by caching the Port-Limit in the SessionDatabase
> (this is hypothetical only - I haven't spoken to Mike about it).
> However,  if the NAS sends an identical Access-Request for both (or
> more) channel  connections, then there is still a problem as
> Radiator has no way of knowing what  is going on.
>
> I think we all agree that there is a gray area in the Radius
> protocol regarding
> multilink PPP. Anyone have time to write an RFC?
>
> cheers
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS
> server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on
> Unix, Win95/8, NT, Rhapsody

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN8EsXWXwKH++xlSbEQJ8vgCg17wGKQjo/O4V9RxEvWr7hywzRigAnj5a
0kJ0ftQ5GPGS1Q3/CF1fihT3
=1KkT
-END PGP SIGNATURE-


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-20 Thread Hugh Irvine



Hi Arturo -

> > Port-Limit is not the solution. Neither is Simultaneous-Usage.
> > 
> I don't quite agree with you :-)
> Port-Limit is a reply-list item. If the NAS is multilink aware it
> should handle it.
> The issue here is what happens when either the second (well in fact
> not-the-first channel) comes up or another user tries to dial up from
> another box. We should permit the first case to go through (if it's a
> Port-Limit=2 user) but we shouldn't the second one.
> Here's an accounting trace from a Multilink user:
> 

Thanks for the traces, but they only show Accounting-Request packets, not the
initial Access-Request(s). If there is only one Access-Request, we may be able
to do something by caching the Port-Limit in the SessionDatabase (this is
hypothetical only - I haven't spoken to Mike about it). However, if the NAS
sends an identical Access-Request for both (or more) channel connections, then
there is still a problem as Radiator has no way of knowing what is going on.

I think we all agree that there is a gray area in the Radius protocol regarding
multilink PPP. Anyone have time to write an RFC?

cheers

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-20 Thread Arturo Pina


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi all,

> Port-Limit is not the solution. Neither is Simultaneous-Usage.
> 
I don't quite agree with you :-)
Port-Limit is a reply-list item. If the NAS is multilink aware it
should handle it.
The issue here is what happens when either the second (well in fact
not-the-first channel) comes up or another user tries to dial up from
another box. We should permit the first case to go through (if it's a
Port-Limit=2 user) but we shouldn't the second one.
Here's an accounting trace from a Multilink user:

This is the first link going up...

Fri Aug 20 09:18:12 1999
Acct-Status-Type = Start
Acct-Session-Id = "84089cd9"
Acct-Delay-Time = 0
NAS-Port = 23
NAS-Port-Type = ISDN
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "917089800"
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><1>"
Acct-Authentic = RADIUS
Framed-IP-Address = x.x.x.41
NAS-IP-Address = x.x.x.248
Timestamp = 935133492

And this is the second (note NAS-Port-Type)

Fri Aug 20 09:18:24 1999
Acct-Status-Type = Start
Acct-Session-Id = "84089cdb"
Acct-Delay-Time = 0
NAS-Port = 5001
NAS-Port-Type = Virtual
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Authentic = RADIUS
Framed-IP-Address = x.x.x.170
NAS-IP-Address = x.x.x.248
Timestamp = 935133502

Second channel going down:

Fri Aug 20 09:34:21 1999
Acct-Status-Type = Stop
Acct-Session-Id = "84089cdb"
Acct-Session-Time = 958
Acct-Delay-Time = 0
NAS-Port = 5001
NAS-Port-Type = Virtual
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = x.x.x.170
Acct-Input-Octets = 9758
Acct-Output-Octets = 81036
Acct-Input-Packets = 155
Acct-Output-Packets = 370
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
NAS-IP-Address = x.x.x.248
Timestamp = 935134459

And here we have the first channel dying...

Fri Aug 20 09:34:21 1999
Acct-Status-Type = Stop
Acct-Session-Id = "84089cd9"
Acct-Session-Time = 970
Acct-Delay-Time = 0
NAS-Port = 23
NAS-Port-Type = ISDN
User-Name = "protect-the-innocent"
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = x.x.x.41
Called-Station-Id = "917089800"
Acct-Input-Octets = 10019
Acct-Output-Octets = 79367
Acct-Input-Packets = 169
Acct-Output-Packets = 385
Acct-Multi-Session-Id = "84089cd9"
Acct-Link-Count = "<0><0><0><2>"
Acct-Terminate-Cause = User-Request
Acct-Authentic = RADIUS
NAS-IP-Address = x.x.x.248
Timestamp = 935134459

We're using 5399 as NASen and, this is the funniest, we're not using
Radiator as authenticator here (just as a proxy; but it will change
soon). Anyway it's the same for the sake of the problem.

If we look at the RADIUS RFC:

5.42.  Port-Limit

   Description

  This Attribute sets the maximum number of ports to be provided
to
  the user by the NAS.  This Attribute MAY be sent by the server
to
  the client in an Access-Accept packet.  It is intended for use
in
  conjunction with Multilink PPP [7] or similar uses.  It MAY
also
  be sent by the NAS to the server as a hint that that many ports
  are desired for use, but the server is not required to honor
the
  hint.

So perhaps Acct-Multi-Session-Id and maybe Acct-Link-Count too could
provide a handle on solving the problem.
Well it was quite a long message. Sorry...


- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896

> 
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use 

iQA/AwUBN70ArmXwKH++xlSbEQK7OgCcCkpHKmCSZ0IJ3qlte+VVBEfUP1IAoIzU
v7R0sOYEnLMQB3NPFTmvzzy7
=R9qT
-END PGP SIGNATURE-


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-19 Thread Andrew Foster


> Especially note that it only limits multilink ISDN sessions, it does not
> prevent two separate non-multilinked logins. It doesn't not solve the
> problem you face, you'll have to think of another way around it - static
> IPs, caller id, multilink session ids (if your NAS sends them -
> Cisco does).
>
> Port-Limit is not the solution. Neither is Simultaneous-Usage.

One workaround is to assign the user the same IP address each time via
Framed-IP-Address.  Depending on the NAS, the call will either be terminated
or the original or the new call won't function properly (also depends on
your routing configuration).

For example, if 2 calls are placed to a single Bay 5399 and the same IP
address is assigned to both, the 2nd call will be terminated after NCP is
established because the IP address that the Radius-Accept packet has told
the 5399 to use is already in use locally.

Regards,
Andrew



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-19 Thread tom minchin

On Thu, Aug 19, 1999 at 04:56:11PM +0200, Ben-Nes Michael wrote:
> So how othe Radius server do this ?
> And what the livingston send that tell the Radius that its the second port of the
> current Session ?
> 

It's not able to do this.

It can send Port-Limit = 

You can configure Radiator to send the same Reply attribute, however, there's
substantial caveats in the Livingston RADIUS server:

http://www.livingston.com/tech/docs/radius/userinfo.html#1014088

Especially note that it only limits multilink ISDN sessions, it does not 
prevent two separate non-multilinked logins. It doesn't not solve the
problem you face, you'll have to think of another way around it - static
IPs, caller id, multilink session ids (if your NAS sends them - Cisco does).

Port-Limit is not the solution. Neither is Simultaneous-Usage.

[EMAIL PROTECTED]

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-19 Thread Ben-Nes Michael


So how othe Radius server do this ?
And what the livingston send that tell the Radius that its the second port of the
current Session ?

Hugh Irvine wrote:

> On Thu, 19 Aug 1999, Ben-Nes Michael wrote:
> > Hi
> >
> > I think that every Nas that can give multilink PPP is bind to Port-Limit.
> > As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and
> > just count the port.
> >
> > I wonder if livingston radius do it by SNMP or just remember the session in the
> > memory
>
> Radiator can be configured to do either of the above, but again if the NAS
> sends an identical radius request, there is no good solution.
>
> cheers
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-19 Thread Hugh Irvine

On Thu, 19 Aug 1999, Ben-Nes Michael wrote:
> Hi
> 
> I think that every Nas that can give multilink PPP is bind to Port-Limit.
> As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and
> just count the port.
> 
> I wonder if livingston radius do it by SNMP or just remember the session in the
> memory

Radiator can be configured to do either of the above, but again if the NAS
sends an identical radius request, there is no good solution.

cheers

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Ben-Nes Michael


Hi

I think that every Nas that can give multilink PPP is bind to Port-Limit.
As for the Livingston(pm2-3) its does not care about Simultaneous Use at all, and
just count the port.

I wonder if livingston radius do it by SNMP or just remember the session in the
memory

Hugh Irvine wrote:

> On Thu, 19 Aug 1999, David Lloyd wrote:
> > On Wed, 18 Aug 1999, Arturo Pina wrote:
> >
> > > Hi,
> > > Just to shed some light if I can...
> > > Michael is meaning that it's not the same to have a single user using
> > > 2 channels than two  separate users using a channel each one. This
> > > way he would lose a customer for the price of a 128k dialup access
> > > might or might not be twice the price of a single access...
> > > If I recall every major NAS can handle this situation (known as
> > > Multilink PPP) and I always thought that Radiator did... I should go
> > > back over to read the Radius RFC but the Port-Limit attribute is
> > > thought exactly for this situation...
> >
> > I agree fully, we are facing the same thing here.  We would like to have a
> > global session limit of 1, and set each user's port-limit to the maximum
> > number of channels they are alloted, becuase (for us) 128k ISDN (or 112k
> > multilink analog) is cheaper than two 64k (or 56k) dialups. We have a
> > one-login-per-computer policy, where a customer is not allowed to log in
> > from more than one machine at a time.
> >
> > I am of the opinion that Radiator should if possible recognize a multilink
> > connection as just one session!
>
> AAH Now I see what you are meaning - I'm not usually so thick.  :~)
>
> I also see that it is going to get somewhat interesting, because this sort of
> behaviour will of course depend almost entirely on the NAS in question. If the
> NAS can indicate in the Radius Access-Request that the second channel request
> is in fact just that (multilink PPP) then we will be able to do something
> special. (Or indeed if the NAS is configured to accept additional channels
> depending on a returned Port-Limit - although accounting could get messy.)
> However, if the Access-Request from the NAS looks exactly like any other
> Access-Request, then we will have no way to determine whether the request is
> for the second channel of a multilink session, or for a completely different
> session using the same username and password. In which case a Simultaneous-Use
> for that user will be the only way to deal with it.
>
> If someone would like to do some testing, I'd be happy to assist.
>
> thanks to everyone who has commented
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Hugh Irvine

On Thu, 19 Aug 1999, David Lloyd wrote:
> On Wed, 18 Aug 1999, Arturo Pina wrote:
> 
> > Hi,
> > Just to shed some light if I can...
> > Michael is meaning that it's not the same to have a single user using
> > 2 channels than two  separate users using a channel each one. This
> > way he would lose a customer for the price of a 128k dialup access
> > might or might not be twice the price of a single access...
> > If I recall every major NAS can handle this situation (known as
> > Multilink PPP) and I always thought that Radiator did... I should go
> > back over to read the Radius RFC but the Port-Limit attribute is
> > thought exactly for this situation...
> 
> I agree fully, we are facing the same thing here.  We would like to have a
> global session limit of 1, and set each user's port-limit to the maximum
> number of channels they are alloted, becuase (for us) 128k ISDN (or 112k
> multilink analog) is cheaper than two 64k (or 56k) dialups. We have a
> one-login-per-computer policy, where a customer is not allowed to log in
> from more than one machine at a time.
> 
> I am of the opinion that Radiator should if possible recognize a multilink
> connection as just one session!

AAH Now I see what you are meaning - I'm not usually so thick.  :~)

I also see that it is going to get somewhat interesting, because this sort of
behaviour will of course depend almost entirely on the NAS in question. If the
NAS can indicate in the Radius Access-Request that the second channel request
is in fact just that (multilink PPP) then we will be able to do something
special. (Or indeed if the NAS is configured to accept additional channels
depending on a returned Port-Limit - although accounting could get messy.)
However, if the Access-Request from the NAS looks exactly like any other
Access-Request, then we will have no way to determine whether the request is
for the second channel of a multilink session, or for a completely different
session using the same username and password. In which case a Simultaneous-Use
for that user will be the only way to deal with it.

If someone would like to do some testing, I'd be happy to assist.

thanks to everyone who has commented

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread David Lloyd

On Wed, 18 Aug 1999, Arturo Pina wrote:

> Hi,
> Just to shed some light if I can...
> Michael is meaning that it's not the same to have a single user using
> 2 channels than two  separate users using a channel each one. This
> way he would lose a customer for the price of a 128k dialup access
> might or might not be twice the price of a single access...
> If I recall every major NAS can handle this situation (known as
> Multilink PPP) and I always thought that Radiator did... I should go
> back over to read the Radius RFC but the Port-Limit attribute is
> thought exactly for this situation...

I agree fully, we are facing the same thing here.  We would like to have a
global session limit of 1, and set each user's port-limit to the maximum
number of channels they are alloted, becuase (for us) 128k ISDN (or 112k
multilink analog) is cheaper than two 64k (or 56k) dialups. We have a
one-login-per-computer policy, where a customer is not allowed to log in
from more than one machine at a time.

I am of the opinion that Radiator should if possible recognize a multilink
connection as just one session!

.
Dave Lloyd  [EMAIL PROTECTED]

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Ben-Nes Michael


Yes this is what i mean :-)

Arturo Pina wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hi,
> Just to shed some light if I can...
> Michael is meaning that it's not the same to have a single user using
> 2 channels than two  separate users using a channel each one. This
> way he would lose a customer for the price of a 128k dialup access
> might or might not be twice the price of a single access...
> If I recall every major NAS can handle this situation (known as
> Multilink PPP) and I always thought that Radiator did... I should go
> back over to read the Radius RFC but the Port-Limit attribute is
> thought exactly for this situation...
> HTH. Cheers,
>
> - --
> Arturo Pina / [EMAIL PROTECTED]
> Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
> Tfno: +34 96 5845291 / Fax: +34 96 5844896
>
> > -Mensaje original-
> > De: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]En nombre de Hugh Irvine Enviado
> > el: miércoles, 18 de agosto de 1999 11:54 Para: Ben-Nes Michael;
> > '[EMAIL PROTECTED]' Asunto: Re: (RADIATOR) Simulatnius-usae and
> > Port-limit
> >
> >
> >
> > Hello Michael -
> >
> > On Wed, 18 Aug 1999, Ben-Nes Michael wrote:
> > > But if ill put both set to 2 then i can easily have two users
> > on 64k thats mean 1 less
> > > customer.
> >
> > I'm not sure I understand what you mean - if you have a customer
> > using 128k,
> > that customer will use 2 x 64k channels. If you have a 30 channel
> > PRI (E1), you
> > can support 15 x 128k customers or 30 x 64k customers, or
> > anything in between.
> > But you can never have more than 30 channels (or 24 in the US on a
> > T1).
> >
> > > I think the should be considered as bug.
> > > any one know the email of the developing team ?
> > >
> >
> > Mike reads this list, but he can't change telco bandwidth
> > allocations.
> >
> > hth
> >
> > Hugh
> >
> > --
> > Radiator: the most portable, flexible and configurable RADIUS
> > server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> > Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on
> > Unix, Win95/8, NT, Rhapsody
> >
> > ===
> > Archive at http://www.thesite.com.au/~radiator/
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
>
> -BEGIN PGP SIGNATURE-
> Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>
>
> iQA/AwUBN7qJPmXwKH++xlSbEQI6+wCfRAuOaSzuRhWMdls4L2/DlMjtboEAoPSn
> sPvZ398t3TkPUL7dpuGQzCSx
> =I3Ns
> -END PGP SIGNATURE-

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Arturo Pina


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi,
Just to shed some light if I can...
Michael is meaning that it's not the same to have a single user using
2 channels than two  separate users using a channel each one. This
way he would lose a customer for the price of a 128k dialup access
might or might not be twice the price of a single access...
If I recall every major NAS can handle this situation (known as
Multilink PPP) and I always thought that Radiator did... I should go
back over to read the Radius RFC but the Port-Limit attribute is
thought exactly for this situation...
HTH. Cheers,

- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896

> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]En nombre de Hugh Irvine Enviado
> el: miércoles, 18 de agosto de 1999 11:54 Para: Ben-Nes Michael;
> '[EMAIL PROTECTED]' Asunto: Re: (RADIATOR) Simulatnius-usae and
> Port-limit
>
>
>
> Hello Michael -
>
> On Wed, 18 Aug 1999, Ben-Nes Michael wrote:
> > But if ill put both set to 2 then i can easily have two users
> on 64k thats mean 1 less
> > customer.
>
> I'm not sure I understand what you mean - if you have a customer
> using 128k,
> that customer will use 2 x 64k channels. If you have a 30 channel
> PRI (E1), you
> can support 15 x 128k customers or 30 x 64k customers, or
> anything in between.
> But you can never have more than 30 channels (or 24 in the US on a
> T1).
>
> > I think the should be considered as bug.
> > any one know the email of the developing team ?
> >
>
> Mike reads this list, but he can't change telco bandwidth
> allocations.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS
> server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT,
> Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on
> Unix, Win95/8, NT, Rhapsody
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use <http://www.pgp.com>

iQA/AwUBN7qJPmXwKH++xlSbEQI6+wCfRAuOaSzuRhWMdls4L2/DlMjtboEAoPSn
sPvZ398t3TkPUL7dpuGQzCSx
=I3Ns
-END PGP SIGNATURE-


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Hugh Irvine

Hello Michael -

On Wed, 18 Aug 1999, Ben-Nes Michael wrote:
> But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 
>less
> customer.

I'm not sure I understand what you mean - if you have a customer using 128k,
that customer will use 2 x 64k channels. If you have a 30 channel PRI (E1), you
can support 15 x 128k customers or 30 x 64k customers, or anything in between.
But you can never have more than 30 channels (or 24 in the US on a T1).

> I think the should be considered as bug.
> any one know the email of the developing team ?
> 

Mike reads this list, but he can't change telco bandwidth allocations.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread tom minchin

On Wed, Aug 18, 1999 at 11:45:26AM +0200, Ben-Nes Michael wrote:
> But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 
>less
> customer.
> I think the should be considered as bug.
> any one know the email of the developing team ?
> 

You might be able to do something with a PreAuthHook (if you can distinguish,
from your NAS RADIUS client, the difference between two separate 64K channels
and the forming of 128k channel).

There's probably not much you can do if you can't tell the difference based
on RADIUS between the two (allocate a static IP?).

[EMAIL PROTECTED]

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-18 Thread Ben-Nes Michael


But if ill put both set to 2 then i can easily have two users on 64k thats mean 1 less
customer.
I think the should be considered as bug.
any one know the email of the developing team ?

Hugh Irvine wrote:

> Hello Michael -
>
> On Wed, 18 Aug 1999, Ben-Nes Michael wrote:
> > In the Livingston Radius Manual Port-Limit is the controller of how many B channel
> > a user can use.
> > so i put in the replay attribute: Port-Limit = 2 and in the check attribute:
> > Simultaneous-Use = 1
> >
> > and i get all the time when an ISDN user want to connect in 128k:
> >
> > INFO: Access rejected for : Simultaneous-Use of 1 exceeded
> >
>
> Right, I see - Port-Limit as a Livingston Reply item.
>
> Well you will probably have to do both in that case, for those users who use
> 128k. You should have a Simultaneous-Use = 2 Check item, together with a
> Port-Limit = 2 Reply item for those users who have purchased that service.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-17 Thread Hugh Irvine

Hello Michael -

On Wed, 18 Aug 1999, Ben-Nes Michael wrote:
> In the Livingston Radius Manual Port-Limit is the controller of how many B channel
> a user can use.
> so i put in the replay attribute: Port-Limit = 2 and in the check attribute:
> Simultaneous-Use = 1
> 
> and i get all the time when an ISDN user want to connect in 128k:
> 
> INFO: Access rejected for : Simultaneous-Use of 1 exceeded
> 

Right, I see - Port-Limit as a Livingston Reply item.

Well you will probably have to do both in that case, for those users who use
128k. You should have a Simultaneous-Use = 2 Check item, together with a
Port-Limit = 2 Reply item for those users who have purchased that service.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-17 Thread Ben-Nes Michael


In the Livingston Radius Manual Port-Limit is the controller of how many B channel
a user can use.
so i put in the replay attribute: Port-Limit = 2 and in the check attribute:
Simultaneous-Use = 1

and i get all the time when an ISDN user want to connect in 128k:

INFO: Access rejected for : Simultaneous-Use of 1 exceeded

Hugh Irvine wrote:

> On Mon, 16 Aug 1999, Ben-Nes Michael wrote:
> > Hi All
> >
> > If i put :
> > Port-Limit = 2 and
> > Simultaneous-Use = 1
> >
> > can ISDN user connect in 128k ?
> >
>
> Normally you would not use Port-Limit in this context, Port-Limit is for use in
> allocating total numbers of ports to particular groups of users. I would expect
> the correct approach to be to use Simultaneous-Use = 2, however this is
> dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query
> for each individual channel open, together with individual Starts and Stops.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-17 Thread Ben-Nes Michael


Yes its the easy way but:
i don't want 2 64k Users to connect.
Im selling the 128k as one unit non breakable.

Hugh Irvine wrote:

> On Mon, 16 Aug 1999, Ben-Nes Michael wrote:
> > Hi All
> >
> > If i put :
> > Port-Limit = 2 and
> > Simultaneous-Use = 1
> >
> > can ISDN user connect in 128k ?
> >
>
> Normally you would not use Port-Limit in this context, Port-Limit is for use in
> allocating total numbers of ports to particular groups of users. I would expect
> the correct approach to be to use Simultaneous-Use = 2, however this is
> dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query
> for each individual channel open, together with individual Starts and Stops.
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
> NT, Rhapsody

--
--
Canaan Surfing Ltd.
Internet Service Providers
Ben-Nes Michael - Manager
Tel: 972-6-6925757
Fax: 972-6-6925858
http://www.canaan.co.il
--



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Re: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-16 Thread Hugh Irvine

On Mon, 16 Aug 1999, Ben-Nes Michael wrote:
> Hi All
> 
> If i put :
> Port-Limit = 2 and
> Simultaneous-Use = 1
> 
> can ISDN user connect in 128k ?
> 

Normally you would not use Port-Limit in this context, Port-Limit is for use in
allocating total numbers of ports to particular groups of users. I would expect
the correct approach to be to use Simultaneous-Use = 2, however this is
dependent on the NAS behaviour. Most NAS's we've seen will do a Radius query
for each individual channel open, together with individual Starts and Stops.

hth

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

1999-08-16 Thread Arturo Pina


-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Yup, yes, sí, oui :-)
Or at least it should ...

- --
Arturo Pina / [EMAIL PROTECTED]
Dpto. I+D / CTV-Jet (http://www.ctv-jet.com/)
Tfno: +34 96 5845291 / Fax: +34 96 5844896

> -Mensaje original-
> De: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]En nombre de Ben-Nes Michael
> Enviado el: lunes, 16 de agosto de 1999 13:41 Para:
> '[EMAIL PROTECTED]' Asunto: (RADIATOR) Simulatnius-usae and
> Port-limit
>
>
> Hi All
>
> If i put :
> Port-Limit = 2 and
> Simultaneous-Use = 1
>
> can ISDN user connect in 128k ?
>
> --
> --
> Canaan Surfing Ltd.
> Internet Service Providers
> Ben-Nes Michael - Manager
> Tel: 972-6-6925757
> Fax: 972-6-6925858
> http://www.canaan.co.il
> --
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-BEGIN PGP SIGNATURE-
Version: PGPfreeware 6.5.1 for non-commercial use 

iQA/AwUBN7fz72XwKH++xlSbEQKlJwCguGgaFPAn3bwmqbSzoQ9rABSk91UAn1Ca
T9mY33oagdN4XC5p0zvSCSEI
=7Tpk
-END PGP SIGNATURE-


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

RE: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

Re: (RADIATOR) Simulatnius-usae and Port-limit

RE: (RADIATOR) Simulatnius-usae and Port-limit

21 matches

Site Navigation

Mail list logo

Footer information