only problem with fingering GlobalPops as the problem, is that they didn't make the software, the issue here is VOPRadius, it DOESN'T SUPPORT watchdog packets.. if your mad at someone, be mad at them, if you want this feature in your radius - email blast vircom, and/or call them.
I look at it this way �.. I have several reasons that their suggestions won�t work (many of them mentioned here). They are providing the service. Cater to the customer and add one more special function to your already highly customized radius servers. Send me a Watchdog packet every 5 minutes.
I�d like to know how many here are using globalpops and thing they should do something about this issue. I�ll mention the number to the sales rep when I�m chewing on him.
Brad Johnson
Systems Administrator
Local Link Network Operations
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of TDE Internet
Sent: Thursday, May 20, 2004 10:54 AM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports)
At 11:19 AM 05/20/2004 -0400, you wrote:
All VopRadius users,
I'm working with Sylvain Savignac at Vircom on this issue. The problem is that most wholesale ports providers do not provide support for watchdog packets between the NAS and your radius which means there is no process in place to reconcile the list of users actually online. If the NAS restarts or otherwise is unable to send the stop packet to radius the user ends up with a ghost record in radius. When the user tries to log back on if you have port-limit = 1 the user is rejected based on simultaneous login limit exceeded. This operational issue is not going to go away unless a creative solution is implemented. In my opinion just such a solution was suggested some time ago on this mail list. The recommendation is as follows: " if the calling station-id was stored with the rest of the users information in the online users table in radius, a ghost user could be cleaned up when they try to reconnect from the same phone number." The assumption is that it would not be impossible to be simultaneous from the same originating number.
I would appreciate feedback from others on this list with thoughts on this solution.
Thanks,
Steven Bastardi
The Home Town Network Inc.
Doesn't do any good for users who have their phone number blocked. At least 1/2 of our customers don't show any dialed from phone number.
Jim Craig
TDE Internet
----- Original Message -----
From: Gene DuCharme
To: [EMAIL PROTECTED]
Sent: Thursday, May 20, 2004 7:02 AM
Subject: [VOPRadius] globalpops
Allowing multiple logins on our end seems to me to be opening the door for abuse.
It would seem to me that there has to be a way for radius to check say every 20 minutes if the customer is still there.????
High Speed Internet at it's Best
Gene DuCharme
Owner Inland North West Internet
401 S. Park St.
Chewelah, Wa.
99109
[EMAIL PROTECTED]
http://www.inwi.net
tel:
fax:
mobile: 509-935-8923
509-935-8923
509-936-0633
Signature powered by Plaxo Want a signature like this?
Add me to your address book...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Ramsey Abu-Absi
Sent: Wednesday, May 19, 2004 2:11 PM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] globalpops
Is that working OK for you?
Thanks,
Ramsey
At 04:48 PM 5/19/2004, you wrote:
They have a custom tweaked Radius. They suggested we put our GP users on a profile allowing 2 logins or unlimited logins.
Keep our local users on a profile with 1 login per user.
CF
----- Original Message -----
From: Ramsey Abu-Absi
To: [EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 3:47 PM
Subject: [VOPRadius] globalpops
Hi Cary,
Thanks - you make a valid point; perhaps I was a bit harsh in my earlier messages. Their ghosting policy is as you describe. However, my frustration has been that although they are letting the ghosted user log in, they are getting a reject from my server because my server does not know that this is in fact happening. If they could send a stop record first, then the problem would be solved.
Now this brings up a question I hadn't thought of before: Can VOP perform the same logic (i.e. check the called-from number, and if it is the same as the active session, allow the user to log in)? This would also provide us with a fix.
Given that at least two of us are dealing with this, I'd be most appreciative if someone from Vircom wouldn't mind weighing in on this. Otherwise, I'll contact support.
Thanks,
Ramsey
At 04:29 PM 5/19/2004, Cary Fitch wrote:
I have dealt with their tech staff and their "chief guru". They are a class operation. Two of them were at our Peercon meeting.
They have a "good" ghosting policy, verify not only by your radius, but by the number the person is calling from, and can knock off a ghosted user, to allow the same person back on from the same number, but not a different number.
They also give the user the benefit of the doubt until it is shown he is an "ab-user".
As to wrong passwords, unless that is a caching issue, I don't know about that. (They do caching, so if they can't reach you, they can still allow your users on line.)
Cary Fitch
----- Original Message -----
From: Brad Johnson
To: [EMAIL PROTECTED]
Sent: Wednesday, May 19, 2004 3:05 PM
Subject: [VOPRadius] globalpops
Will Do! Thanks to all who replied.
Brad Johnson
Systems Administrator
Local Link Network Operations
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ramsey Abu-Absi
Sent: Wednesday, May 19, 2004 2:57 PM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] globalpops
Let me know if you have any luck!
Ramsey
At 03:46 PM 5/19/2004, you wrote:
Well, if I find that I�m not getting stop packets for users, I�ll be making their tech staff unhappy. If they say �we sent it� and they don�t know why its not getting to us, its still their problem in my opinion (their service model).
Brad Johnson
Systems Administrator
Local Link Network Operations
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Gene DuCharme
Sent: Wednesday, May 19, 2004 11:37 AM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] globalpops
We use them and set up as (other-no security)
And yes we have had some problems with radius not receiving the stop packet. When I talked directly with Corey Pops at Global Pops he explained if you try to stay with their teir 1 system you will have less problems with ghosting. Although I have come in in the morning and found several customers ghosted who I know do not stay on 1000 or more minutes.
I just checked my logs and they customers are being logged.
High Speed Internet at it's Best
Gene DuCharme
Owner
Inland North West Internet
401 S. Park St.
Chewelah, Wa.
99109
[EMAIL PROTECTED]
http://www.inwi.net
tel:
fax:
mobile:
509-935-8923
509-935-8923
509-936-0633
Signature powered by Plaxo
Want a signature like this?
Add me to your address book...
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Brad Johnson
Sent: Wednesday, May 19, 2004 9:00 AM
To: [EMAIL PROTECTED]
Subject: [VOPRadius] globalpops
What client type is used with globalpops. I have client definitions setup and have tried with �other� and �Radius Server� and authentication is working however, I get no radius errors when a bad login is used, nor do I get an entry in onlineusers when a good login is used and gets connected.
Also, does globalpops pass on stop packets for users they detect as a ghost � or am I going to have ghost issues with them?
Brad Johnson
Systems Administrator
Local Link Network Operations
* * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * This E-MAIL message and any accompanying documents contain confidential information intended for a specific individual and purpose. The information contained within is private and protected by law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this communication in error, please notify us by return e-mail or by telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank you in advance for your strict compliance and assistance.
* * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * This E-MAIL message and any accompanying documents contain confidential information intended for a specific individual and purpose. The information contained within is private and protected by law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this communication in error, please notify us by return e-mail or by telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank you in advance for your strict compliance and assistance.
* * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * This E-MAIL message and any accompanying documents contain confidential information intended for a specific individual and purpose. The information contained within is private and protected by law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this communication in error, please notify us by return e-mail or by telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank you in advance for your strict compliance and assistance.
