* This is the VOP Radius mailing list *
Right .... I just don't see why it would use N/A. If I have a NAS without a
client definition at all, radius won't allow authentication. This is
allowing it so it know what client definition the connections are for ....
and so I think it should use the NAS name.
The name does me no good, but my support techs will question it.
Brad Johnson
Systems Administrator
Local Link Network Operations
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of WebWiz
Sent: Friday, May 21, 2004 2:38 PM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded"
(wholesale ports)
* This is the VOP Radius mailing list *
Actually, I think this is due to the fact that you probably DON'T have
the NAS set up in your client definitions. You've got a RadiusServer
between you and the NAS, but the accounting packets actually define for
you the NAS into which the user is calling.
The scenario is this:
[Caller] -> [NAS] -> [GP Radius] -> [Your Radius]
The [GP Radius] is reporting to you the IP of the NAS that's actually
handling the call. You've defined [GP Radius] to your Radius server,
since it's the one sending you packets, but you haven't defined the
actual [NAS] since you don't have a list of those. Even if you did,
what benefit would you get from giving the NAS a name? You've got the
IP address in case you need to track down a problem.
Regards,
Eric Longman
Atl-Connect Internet Services
+-------------------------------------------------------+
| Atl-Connect Internet Services http://www.atlcon.net |
| 3600 Dallas Hwy Ste 230-288 770 590-0888 |
| Marietta, GA 30064-1685 [EMAIL PROTECTED] |
+-------------------------------------------------------+
Brad Johnson wrote:
> Hmmm, got to be a VopRadius issue then . wouldn't you think?
>
>
>
> Brad Johnson
>
> Systems Administrator
>
> Local Link Network Operations
>
>
>
>
>
> ------------------------------------------------------------------------
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Ramsey Abu-Absi
> *Sent:* Friday, May 21, 2004 1:53 PM
> *To:* [EMAIL PROTECTED]
> *Subject:* [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> Yes - I get N/A too. On the END records, though, the NAS name shows up
> as the client name as it's set up in the client definitions.
>
> Thanks,
> Ramsey
>
> At 12:30 PM 5/21/2004, you wrote:
>
> Do you get "N/A" rather than your configured NAS Name in your online
> users listing for GP user? I'm getting that now .. Can't see why.
>
> Brad Johnson
> Systems Administrator
> Local Link Network Operations
>
>
>
>
>
> *From:* [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] *On Behalf Of *Cary Fitch
> *Sent:* Friday, May 21, 2004 11:19 AM
> *To:* [EMAIL PROTECTED]
> *Subject:* [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
> We use a different user name for "national customers"
>
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> vs. just XXXXX for local users.
>
> We don't list Global Pops numbers where we have our own.
> We buy ports, not accounts.
>
> BTW GP also does total time limits over a rolling 30 day period for you
> if you like.
>
> CF
>
> Cary
>
>
> ----- Original Message -----
>
> From: Brad Johnson <mailto:[EMAIL PROTECTED]>
>
> To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> Sent: Friday, May 21, 2004 10:52 AM
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> And. ?
>
> Your NAS users have a different profile and can't travel . or can, but
> not to a GP number?
>
> Your GP users can't use your NAS . or can but can login several times?
>
>
>
> I'm trying to understand in what scenario this would be a solution.
>
>
>
> Brad Johnson
>
> Systems Administrator
>
> Local Link Network Operations
>
>
>
>
>
>
>
> From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
> [mailto:[EMAIL PROTECTED] On Behalf Of Cary Fitch
>
> Sent: Friday, May 21, 2004 10:43 AM
>
> To: [EMAIL PROTECTED]
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> Yes, we do.
>
>
>
> Cary
>
> ----- Original Message -----
>
> From: Brad Johnson <mailto:[EMAIL PROTECTED]>
>
> To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> Sent: Friday, May 21, 2004 10:38 AM
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> Heh, do you even have any of your own NAS? If so, do you allow multiple
> logins on those to, or do you restrict your users from traveling with
> their account?
>
>
>
> If your suggestion was any kind of solution for me (or most of us for
> that matter) this thread wouldn't have lived as long as it has.
>
>
>
> Brad Johnson
>
> Systems Administrator
>
> Local Link Network Operations
>
>
>
>
>
>
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Cary Fitch
>
> Sent: Friday, May 21, 2004 9:40 AM
>
> To: [EMAIL PROTECTED]
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> Give them a profile that allows multiple logins and let Global Pops
> handle limits.
>
>
>
> ("I keep saying this,over, and over and over.")
>
>
>
> Cary Fitch
>
> ----- Original Message -----
>
> From: Gene DuCharme <mailto:[EMAIL PROTECTED]>
>
> To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> Sent: Friday, May 21, 2004 9:30 AM
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>
>
> The exact scenario that we get from GP is this:
>
>
>
> User connects, everything is just fine.
>
> They disconnect gracefully.
>
> I look in my radius and they are still there, so the next time they try
> to log on they get invalid user and or pass.
>
>
>
> Until I actually delete them from VOP Radius they cannot log back on.
>
>
>
> This really makes it hard to sustain a nationwide presence or to
> recommend to our customers leaving the area to stay with us on our
> outside dial-ups.
>
>
>
> There has to be a cure somewhere, somehow. LOL
>
>
>
>
>
> High Speed Internet at it's Best
>
>
>
> Gene DuCharme
>
> Owner
>
> Inland North West Internet
>
> 401 S. Park St.
>
>
<http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewelah
%2C+Wa.&country=us>
>
> _Chewelah, Wa.
>
>
<http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewelah
%2C+Wa.&country=us>_
>
> _99109
>
<http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewelah
%2C+Wa.&country=us>_
>
>
> [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
>
> http://www.inwi.net <http://www.inwi.net/>
>
> tel:
>
> fax:
>
> mobile:
>
> 509-935-8923
>
> 509-935-8923
>
> 509-936-0633
>
>
>
>
>
>
>
>
>
> Signature powered by Plaxo <http://www.plaxo.com/signature>
>
> Want a signature like this? <http://www.plaxo.com/signature>
>
> Add me to your address book...
> <https://www.plaxo.com/add_me?u=12885176260&v0=541057&k0=1122043454>
>
> -----Original Message-----
>
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Gary Carr
>
> Sent: Friday, May 21, 2004 6:57 AM
>
> To: [EMAIL PROTECTED]
>
> Subject: [VOPRadius] "Ghost users causing simultaneous login limit
> exceeded" (wholesale ports)
>
>>GlobalPops position on all the watchdog/stop packet info is that they
> are UDP and there can be losses with no notification.
>
>
>
>
>
> That is true but I see watchdog packets as another way to limit abuse,
> not a 100% sure method.
>
>
>
>>Their ultimate ghosting and over use protection is from the logon caller
> ID. But not the caller ID that consumers get, the one internal to
> Telecom >Companies. It can't be blocked.
>
>
>
> Hmm, where does that internal caller ID come from that, and does it get
> passed to the NAS and onto the radius. That sounds very close to the
> port method that Aleron uses.
>
>
>
>>If there are logons from the same number simultaniously, that is a ghost
> and the old one is "killed". If they are from different numbers that is
> "abuse" and it >is allowed to a limit... with abusers duplicate (trust)
> privledges removed once they are a demonstrated abuser. (So many
> occurances, for instance.)
>
>>
>
>>GP doesn't believe in Watchdog packets or for that matter Stop packets
> as "the truth". Logons from the same or different numbers are proof
> positive.
>
>
>
>
>
> Does GP have a per user cap on the amount of hours? Is so what happens
> if a user disconnects and doesn't reconnet until the next day or later.
> In that case the caller-id method would fail to remove the user in a
> timely manner.
>
>
>
>
>
> That's pretty interesting. Will they give any more details about that.
> We were considering adding GlobalPOPs until this thread started. Still
> may if they have a way to pass the disconnected user information to our
> radius servers.
>
>
>
>
>
>
>
> Gary
>
>
>
> * * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * This E-MAIL
> message and any accompanying documents contain confidential information
> intended for a specific individual and purpose. The information
> contained within is private and protected by law. If you are not the
> intended recipient, you are hereby notified that any disclosure,
> copying, distribution, or the taking of any action in reliance on the
> contents of this message is strictly prohibited. If you have received
> this communication in error, please notify us by return e-mail or by
> telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank
> you in advance for your strict compliance and assistance.
>
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
**
To leave this list, send an email to [EMAIL PROTECTED]
and put the word "LEAVE" in the BODY of the email.
