Re: Login prompts (fwd)

Dave Mitton (dmitton@BayNetworks.COM)
Tue, 27 May 1997 11:16:00 -0400

At 12:32 AM 5/27/97 -0700, MegaZone wrote:
>Once upon a time Jesse Martinez shaped the electrons to say...
>>I'm not sure if my problem is the same as yours, but I was told by
>>Livingston tech support to turn off security in order to get shell access
>
>This is just wrong. Please let me know who said this - not only is it
>wrong, it is dangerous advice.
>
>>The reason for all this is that I have two Max4004's and in radius I have
>>this entry.
>>
>>joeuser Password = "UNIX"
>> Framed-Protocol = PPP,
>> Login-Service = Rlogin,
>> Login-Host = 207.201.x.x,
>> Ascend-Idle-Limit = 1800
>>
>>This allows the user to log on with either a term emulator for shell
>>access or with a PPP dialer.
>
>This is not valid for Livingston. An entry must be shell OR PPP. NOT
>both. In fact, I don't think that is technically a valid RADIUS entry.

The RADIUS RFC says nothing about the consistency requirements of the user
profile. That is strictly a NAS implementation issue.

Note that the User-Service attribute is missing, leaving the user with no
forced service type. The NAS could either drop the user into a command
line interface, or a menu, and save the extra attributes for application
given either choice, or ignore them altogether and start with a blank
slate. It could even reject the user (for having a "bad" profile).

>Ascend has done a lot of extensions.

This doesn't require any extensions of the protocol.

Dave.

>And the Ascend-Idle-Limit is an Ascend attribute that doesn't work with
>Livingston. I don't believe Ascend supports the standard RFC attrib
>for the same thing (we do).
>
>-MZ
>--

--------------------------------------------------------------
David Mitton 508-670-8888 Main
Consulting Engineer 508-916-4570 Direct
Bay Networks, Internet/Telcom BG 508-916-4789 FAX
Billerica, MA 01821 dmitton@baynetworks.com
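
Added example, not part of the original message or of any vendor's code: a small lint pass over users-file entries that flags the profile shape discussed above, so an administrator can see before deployment which entries leave the service choice to the NAS. The accepted service-type attribute names, the finding labels, the `vendor_prefixes` parameter and the `pppuser` entry are assumptions made for illustration.

```python
import re

# Names accepted as the forced service type. The message calls it User-Service;
# the other two spellings are assumed dictionary aliases.
SERVICE_ATTRS = {"User-Service", "User-Service-Type", "Service-Type"}
PAIR = re.compile(r'([A-Za-z][\w-]*)\s*=\s*("[^"]*"|[^,\s]+)')

# First entry is the one quoted in the thread; the second is constructed.
SAMPLE = '''
joeuser Password = "UNIX"
    Framed-Protocol = PPP,
    Login-Service = Rlogin,
    Login-Host = 207.201.x.x,
    Ascend-Idle-Limit = 1800

pppuser Password = "UNIX"
    User-Service = Framed-User,
    Framed-Protocol = PPP
'''

def parse_users(text):
    """Return {user: {attribute: value}} from users-file style text."""
    profiles, current = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        line = raw
        if not raw[0].isspace():  # an unindented line starts a new entry
            parts = raw.split(None, 1)
            current = profiles.setdefault(parts[0], {})
            line = parts[1] if len(parts) > 1 else ""
        if current is not None:
            for attr, value in PAIR.findall(line):
                current[attr] = value.strip('"')
    return profiles

def lint(profile, vendor_prefixes=("Ascend-",)):
    """List the ways a profile leaves its handling up to the NAS."""
    findings = []
    if not SERVICE_ATTRS & profile.keys():
        findings.append("no-service-type")
    if any(a.startswith("Framed-") for a in profile) and \
       any(a.startswith("Login-") for a in profile):
        findings.append("mixed-framed-and-login")
    # Assumption: attributes carrying a vendor prefix are vendor-specific.
    findings += [f"vendor-attr:{a}" for a in profile if a.startswith(vendor_prefixes)]
    return findings

if __name__ == "__main__":
    for user, profile in parse_users(SAMPLE).items():
        print(user, lint(profile) or "ok")
```
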