Re: server port access

Dale Reed ( daler@iea-software.com )
Fri, 12 Jun 1998 13:54:23 -0700

Mourad Dahoumane wrote:
>
> I also used the NAS-Port-Type=ISDN and port limit set to 1.
> But this profile connects to an async port. I have set this as a default for
> this profile in Emerald Admin/config radius/default
> My stupid question now is what is the difference between a check attribute and
> a reply attribute.
>
> this is how it appears in the users file :
> Framed-Protocol = 1
> NAS-Port-Type = 2
> Port-Limit = 1
> User-Service = 2

Check attributes check to see if the value of the attributes
received in the Authentication request (like Caller-ID, NAS-Port-Type,
etc) is equal to the value of the same attribute in the Check
attribute itself. If the value is different, the user is rejected.
For example, you can set a check attribute of NAS-Port-Type = Async,
and prevent the user from logging on sync/isdn.

Check attributes are NOT sent back to the NAS in the accept
(reply) list. For example, telling a NAS the NAS-Port-Type
after the user logs in is pointless (it's already established),
but telling the NAS how many ports the user can have (Port-Limit)
can prevent the user from establishing additional MPP connections.

For the users file, check attributes follow the password on the
first line:

user Password = "blah", NAS-Port-Type = Async
        User-Service = Framed-User
        Framed-Protocol = PPP
        Port-Limit = 1

You DO NOT include NAS-Port-Type in the reply list (which is all
attributes after the first line).

For a database (RadiusNT 2.5 only), the radcheck field tells
RadiusNT whether the attribute is a check attribute (non zero)
or a reply attribute (0).

-- Dale E. Reed Jr.  (daler@iea-software.com)
_________________________________________________________________
       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs
Internet Solutions for Today  |   http://www.iea-software.com
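
The check/reply split described in the message above, as an added example that is not part of the original post and is not RadiusNT code. It assumes a simplified users-file grammar (indented lines are reply items, values contain no commas) and a request already decoded into a dict with the password in the clear under "Password"; the function names are hypothetical.

```python
# Constructed sample entry, mirroring the one in the message.
USERS_FILE = '''\
user Password = "blah", NAS-Port-Type = Async
        User-Service = Framed-User
        Framed-Protocol = PPP
        Port-Limit = 1
'''

def parse_pairs(text):
    """Turn 'A = x, B = y' into {'A': 'x', 'B': 'y'} (trailing commas tolerated)."""
    pairs = {}
    for item in text.split(","):
        if "=" in item:
            name, value = item.split("=", 1)
            pairs[name.strip()] = value.strip().strip('"')
    return pairs

def parse_users(text):
    """First line of an entry holds check items; indented lines hold reply items."""
    users, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0] in " \t":                      # continuation line: reply items
            if current is not None:
                current["reply"].update(parse_pairs(line))
        else:                                     # new entry: name + check items
            name, checks = (line.split(None, 1) + [""])[:2]
            current = {"check": parse_pairs(checks), "reply": {}}
            users[name] = current
    return users

def authenticate(users, request):
    """Return (verdict, reply attributes) for a decoded Access-Request dict."""
    entry = users.get(request.get("User-Name"))
    if entry is None:
        return "Access-Reject", {}
    for name, expected in entry["check"].items():
        # A check item that is absent from the request fails closed here
        # (assumption of this sketch, not documented RadiusNT behaviour).
        if request.get(name) != expected:
            return "Access-Reject", {}
    # Only reply items go back to the NAS; check items are never echoed.
    return "Access-Accept", dict(entry["reply"])
```
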