[pop] Re: Fwd: Re: PPTP and RadiusNT

Michael Whisenant ( mwhisen@airnet.net )
Tue, 02 Jun 1998 17:50:28 -0500

>I responded to you about this last night. As I mentioned I am not that
>in PPTP and have little experience with USR gear.

Sorry for the attitude, but I did not see any response on the list from
you or anyone on this thread, and I did not see it personally. Must of
been one of those things that got lost....

>> I know if I manually add a user in USR TC or use their RADIUS I
can assign
>> to the netuser protocol = PPTP and default-host = xxx.xxx.xxx.xxx where
>> that is their company PPTP server, and I can either add or instead use a
>> global-host which sets a series of PPTP servers in a pool??? All I need to
>> know is the process in Emerald using Radius NT how to make this happen.
>> Therefore I do not need to enter users into each TC and use Emerald and
>> RADIUS the way it was/is designed.
>I don't understand why you can't just do the same? The PPTP is most likely
>just another value for Framed-Protocol. I'm not sure what attribute default
>host matches to, though. It could be a VSA, as I noted earlier, or it could
>be something like Login-Host. What does radlogin show for the authentication
>againt the USR RADIUS server?

Help me understand since I do not have a copy of this previous message. I
agree that it is most likely a value for Framed-Protocol. I do not how to
perform the radlogin against the USR RADIUS server, but I can run this if
provided details, or will escalate this with USR Technical Support if I
know exactly what to ask. I have a call into support now, and will let you
and the list know. I know that any ISP with USR equipment using your
RADIUS (and there are a few of us) would like this option if they knew
about it. I can not imagine that Ascend/Livingston does not do PPTP
(although 3Com wrote the PPTP for Microsoft, maybe a license issue).

For purpose of the list PPTP allows a user to encrypt his/her session and
build that tunnel to a default-host. You can build a global listing of
PPTP servers that any user can encrypt their session to, which defeats the
real value of the security layer. I have quite a number of businesses that
want their employees to have remote access, but want security layers to
protect data. They can use the PPTP adapter in DUN 1.2, but that really
requires a static IP assignment from the ISP.

I cover a vast geographical region that has little to no competition, I
dislike static addresses and typically deny request for same. I do not
want to manage a bunch of host routes, rather figure a method to use
dynamic assignments. Therefore these companies really prefer that the ISP
performs PPTP in the terminal server, the only unsecure layer is the users
modem into my terminal server (ie telco). I can offer the user then to
call any of my POPs and securely access the corporate LAN, without long
distant charges. The only disadvantage is unless the corporate LAN or the
ISP runs a PPTP proxy server then the user can access only the corporate
LAN whith his/her dial-up account. (ISP can sell multiple accounts or run
a simple proxy server on NT running

While typing this I did find out that default-host is = login-host,
according to USR, the guy I spoke with told me that the Framed-Protocol =
PPTP could not be a RADIUS attribute, but I beg to differ. Since all the
other Framed-Protocol options are exact matches with the listings you have,
I still think it must be a way to accomplish this task......
>Dale E. Reed Jr. (daler@iea-software.com)
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com
Michael J. Whisenant
Vice-President, Operations
AIRnet Internet Services, Inc.
ph: (256) 704-4692 fax: (256) 704-2329