Call-Check
Paolo Rotela
paolo.rotela at bluetelecom.com
Wed Oct 5 22:28:48 CEST 2005
I'm using Cisco preauth feature on an AS5300 series acting as standard modem
RAS against a FreeRADIUS. I use it to blacklist some ANIs that aren't
allowed to put a call on my gear, and I need to do it before the call gets
answered.
It is working great in the sense that I get the blacklisted numbers rejected
without sending an Answer signal on the PSTN line, due to that Cisco's
preauth feature makes it to do an Access-Request before it answers the call,
but FR treats it as a normal packet, with the only detail that it has lesser
information (i.e, in the modem RAS case, you dont have the real UserName
until you answer the call and modem negotiation ends up, so Cisco normally
lets you put the DNIS or ANI or something in the UserName field and
password).
The only two details is this and the fact that from FR's point of view, the
NAS will be doing Auth twice, one for the "preauth" fase on the cisco, and
another for the real "auth" fase. So you will be seeing two Access-Request
packets from NAS.
Ing. Paolo Rotela
Jefe Técnico
Blue Telecom
----- Original Message -----
From: "Alan DeKok" <aland at ox.org>
To: "FreeRadius users mailing list" <freeradius-users at lists.freeradius.org>
Sent: Wednesday, October 05, 2005 3:41 PM
Subject: Re: Call-Check
> "Jonathan De Graeve" <Jonathan.De.Graeve at imelda.be> wrote:
>> >From the site:
>> RADIUS Debugging File
>> FreeRADIUS server does not support preauthentication. There is no
>> example for this case.
>
> I'm not sure it's true.
>
> Please configure the pre-authentication as they describe, run
> FreeRADIUS in debugging mode, and try using preauthentication. Post
> the results to the list.
>
> Also, configure ACS (or a server that *does* support
> preauthenticat), run some requests, capture the output with tcpdump,
> and post the capture file on a web page.
>
> From what I can see of Table 10, they're not doing anything magic.
> There's no reason why you can't configure preauthentication using
> FreeRADIUS.
>
> Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list