* This is the VOP Radius mailing list * Ramsey, I'm waiting for a final decision from Vircom on the feature, however, I'm getting the impression they are giving serious consideration to it .....
Steve ----- Original Message ----- From: "Ramsey Abu-Absi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, May 24, 2004 11:20 AM Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" (wholesale ports) > * This is the VOP Radius mailing list * > That's correct Gene. However, based on previous posts, Brad is working on > getting GP to send watchdog packets (and having more success than I ever > did), and I think it was Steven who was working with Vircom to implement a > piece of logic in VOPRadius that emulates GP's ghosting policy. Is there > any progress to report on either front? > > Thanks, > Ramsey > > At 11:01 AM 5/24/2004, you wrote: > >* This is the VOP Radius mailing list * > >So, Correct me if I am wrong. At this time the only cure for this problem > >is to allow multiple logins and allow GP to control ghosting? > > > >------------------------------------ > >Inland North West Internet > >Gene DuCharme > >Owner > >[EMAIL PROTECTED] > >401 S. Park St. > >Chewelah, Wa. > >99109 > >tel: 509-935-8923 > >fax: 509-935-8923 > >mobile: 509-936-0633 > >http://www.inwi.net > >------------------------------------ > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] > >[mailto:[EMAIL PROTECTED] Behalf Of Brad Johnson > >Sent: Monday, May 24, 2004 7:50 AM > >To: [EMAIL PROTECTED] > >Subject: [VOPRadius] "Ghost users causing simultaneous login limit > >exceeded" (wholesale ports) > > > > > >* This is the VOP Radius mailing list * > >We will have to agree to disagree. I completely understand your point and > >could get on board IF VOPRadius had some logic that found the real name of > >the NAS and displayed it. It doesn't and on its best day will only display > >the name you have configured in the client definitions. Since this is the > >case ... I think it should do this always. > > > >Thanks for the input and discussion. Debate is good! > > > >Brad Johnson > > Systems Administrator > > Local Link Network Operations > > > > > >-----Original Message----- > >From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > >Behalf Of WebWiz > >Sent: Friday, May 21, 2004 8:15 PM > >To: [EMAIL PROTECTED] > >Subject: [VOPRadius] "Ghost users causing simultaneous login limit exceeded" > >(wholesale ports) > > > >* This is the VOP Radius mailing list * > >Brad, I still think you're misunderstanding what I'm trying to say. > > > >I understand that you have several NASes, but each NAS is set up as a > >client in your Radius Config. In that scenario, the client *is* the > >NAS, and VOP Radius can easily assign a name to the NAS in it's Online > >Users display. Look at it this way: Client == NAS in this scenario. > > > >But for GlobalPops, you set up TWO clients (rad01... and rad02...). > >Those are "aggregator" Radius servers that accept AUTH requests from > >multiple NASes and forward the requests on to you. You accept the AUTH > >request from the GlobalPops Radius server because you know it. But > >because it's passing on a request that came from a NAS that you DON'T > >know, there's no way to assign a name to the NAS. In this situation > >Client != NAS. > > > >You're getting a request from 4.3.2.1 (hypothetically the IP of GP's > >RADIUS server) that was originated on a NAS 4.3.80.33 (hypothetically > >the IP of the NAS that took the call). VOP Radius *knows* what name > >you've assigned to 4.3.2.1, but it doesn't know 4.3.80.33 from Adam. > > > >In neither scenario does VOP Radius know or care what the "real" name of > >the NAS is. > > > >It sounds like you want VOP Radius to display the name of the CLIENT > >through which the request was passed, rather than the name of the NAS > >from which the request originated. That would be an enhancement request > >for the folks at Vircom. My point is that this is an ENHANCEMENT > >request. It's not a bug or a problem or an "issue". > > > >And if we still disagree, that's cool. I'll agree to disagree amicably > >and we can let these good people get back to whatever they were doing > >before. ;) > > > >Regards, > >Eric Longman > >Atl-Connect Internet Services > > > >+-------------------------------------------------------+ > >| Atl-Connect Internet Services http://www.atlcon.net | > >| 3600 Dallas Hwy Ste 230-288 770 590-0888 | > >| Marietta, GA 30064-1685 [EMAIL PROTECTED] | > >+-------------------------------------------------------+ > > > > > >Brad Johnson wrote: > > > * This is the VOP Radius mailing list * > > > I would argue that point. I have several NAS that each have real names. I > > > specify the "NAS Name" in the client definition descriptively for the > > > benefit of our support dept and in all cases the name used is the name in > > > the client definition. Therefore I feel fairly confident in saying the > >real > > > NAS name has nothing to do with it at all. > > > > > > This being the case, the issue here is simply this ... When the NAS ip and > > > the Radius IP match, it uses the "NAS Name" configured in the client > > > definitions. When the NAS ip and the Radius IP do not match, it ignores > >the > > > "NAS Name" configured in the client definitions and uses N/A. > > > > > > I see no logical reason for this since the real NAS name never plays into > > > the equation. Therefore I would call this an "issue with VOP Radius". > > > > > > I'm sure my support dept. is well more than bright enough to know that N/A > > > means "NOT APPLICABLE" (hehe). As for the rest, I'm trying to avoid > > > potential questions as I don't believe "OH, that must be a NAS outside of > > > NOC's control" is the first reaction anyone's support staff would have. > > > Secondly, it just plain bugs me. > > > > > > Brad Johnson > > > Systems Administrator > > > Local Link Network Operations > > > > > > > > > > > > -----Original Message----- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > >On > > > Behalf Of WebWiz > > > Sent: Friday, May 21, 2004 3:06 PM > > > To: [EMAIL PROTECTED] > > > Subject: [VOPRadius] "Ghost users causing simultaneous login limit > >exceeded" > > > (wholesale ports) > > > > > > * This is the VOP Radius mailing list * > > > Yes, it knows what CLIENT it goes with, but there's no associated name > > > configured for the NAS (remember NAS does not equal CLIENT in this > > > case). The display in VOP Radius just happens to display the name of > > > the NAS rather than the name of the Client definition. In the case of a > > > NAS that passed through a "remote" Radius Server before it got to your > > > Radius server, how the heck could it possibly know the name of the NAS? > > > > > > Your support techs should be bright enough to comprehend that "N/A" for > > > the name of the NAS means "Not Available" because it's a remote NAS > > > that's out of your control. > > > > > > Regards, > > > Eric Longman > > > Atl-Connect Internet Services > > > > > > +-------------------------------------------------------+ > > > | Atl-Connect Internet Services http://www.atlcon.net | > > > | 3600 Dallas Hwy Ste 230-288 770 590-0888 | > > > | Marietta, GA 30064-1685 [EMAIL PROTECTED] | > > > +-------------------------------------------------------+ > > > > > > > > > > > > Brad Johnson wrote: > > > > > >>* This is the VOP Radius mailing list * > > >>Right .... I just don't see why it would use N/A. If I have a NAS without > > > > > > a > > > > > >>client definition at all, radius won't allow authentication. This is > > >>allowing it so it know what client definition the connections are for .... > > >>and so I think it should use the NAS name. > > >> > > >>The name does me no good, but my support techs will question it. > > >> > > >>Brad Johnson > > >> Systems Administrator > > >> Local Link Network Operations > > >> > > >> > > >> > > >>-----Original Message----- > > >>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > > > > > On > > > > > >>Behalf Of WebWiz > > >>Sent: Friday, May 21, 2004 2:38 PM > > >>To: [EMAIL PROTECTED] > > >>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > > > > > exceeded" > > > > > >>(wholesale ports) > > >> > > >>* This is the VOP Radius mailing list * > > >>Actually, I think this is due to the fact that you probably DON'T have > > >>the NAS set up in your client definitions. You've got a RadiusServer > > >>between you and the NAS, but the accounting packets actually define for > > >>you the NAS into which the user is calling. > > >> > > >>The scenario is this: > > >> > > >>[Caller] -> [NAS] -> [GP Radius] -> [Your Radius] > > >> > > >>The [GP Radius] is reporting to you the IP of the NAS that's actually > > >>handling the call. You've defined [GP Radius] to your Radius server, > > >>since it's the one sending you packets, but you haven't defined the > > >>actual [NAS] since you don't have a list of those. Even if you did, > > >>what benefit would you get from giving the NAS a name? You've got the > > >>IP address in case you need to track down a problem. > > >> > > >>Regards, > > >>Eric Longman > > >>Atl-Connect Internet Services > > >> > > >>+-------------------------------------------------------+ > > >>| Atl-Connect Internet Services http://www.atlcon.net | > > >>| 3600 Dallas Hwy Ste 230-288 770 590-0888 | > > >>| Marietta, GA 30064-1685 [EMAIL PROTECTED] | > > >>+-------------------------------------------------------+ > > >> > > >> > > >> > > >>Brad Johnson wrote: > > >> > > >> > > >>>Hmmm, got to be a VopRadius issue then . wouldn't you think? > > >>> > > >>> > > >>> > > >>>Brad Johnson > > >>> > > >>> Systems Administrator > > >>> > > >>> Local Link Network Operations > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>------------------------------------------------------------------------ > > >>> > > >>>*From:* [EMAIL PROTECTED] > > >>>[mailto:[EMAIL PROTECTED] *On Behalf Of *Ramsey Abu-Absi > > >>>*Sent:* Friday, May 21, 2004 1:53 PM > > >>>*To:* [EMAIL PROTECTED] > > >>>*Subject:* [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>Yes - I get N/A too. On the END records, though, the NAS name shows up > > >>>as the client name as it's set up in the client definitions. > > >>> > > >>>Thanks, > > >>>Ramsey > > >>> > > >>>At 12:30 PM 5/21/2004, you wrote: > > >>> > > >>>Do you get "N/A" rather than your configured NAS Name in your online > > >>>users listing for GP user? I'm getting that now .. Can't see why. > > >>> > > >>>Brad Johnson > > >>> Systems Administrator > > >>> Local Link Network Operations > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>*From:* [EMAIL PROTECTED] > > >>>[mailto:[EMAIL PROTECTED] *On Behalf Of *Cary Fitch > > >>>*Sent:* Friday, May 21, 2004 11:19 AM > > >>>*To:* [EMAIL PROTECTED] > > >>>*Subject:* [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>>We use a different user name for "national customers" > > >>> > > >>>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> vs. just XXXXX for local users. > > >>> > > >>>We don't list Global Pops numbers where we have our own. > > >>>We buy ports, not accounts. > > >>> > > >>>BTW GP also does total time limits over a rolling 30 day period for you > > >>>if you like. > > >>> > > >>>CF > > >>> > > >>>Cary > > >>> > > >>> > > >>>----- Original Message ----- > > >>> > > >>>From: Brad Johnson <mailto:[EMAIL PROTECTED]> > > >>> > > >>>To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >>> > > >>>Sent: Friday, May 21, 2004 10:52 AM > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>And. ? > > >>> > > >>>Your NAS users have a different profile and can't travel . or can, but > > >>>not to a GP number? > > >>> > > >>>Your GP users can't use your NAS . or can but can login several times? > > >>> > > >>> > > >>> > > >>>I'm trying to understand in what scenario this would be a solution. > > >>> > > >>> > > >>> > > >>>Brad Johnson > > >>> > > >>> Systems Administrator > > >>> > > >>> Local Link Network Operations > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>From: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >>>[mailto:[EMAIL PROTECTED] On Behalf Of Cary Fitch > > >>> > > >>>Sent: Friday, May 21, 2004 10:43 AM > > >>> > > >>>To: [EMAIL PROTECTED] > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>Yes, we do. > > >>> > > >>> > > >>> > > >>>Cary > > >>> > > >>>----- Original Message ----- > > >>> > > >>>From: Brad Johnson <mailto:[EMAIL PROTECTED]> > > >>> > > >>>To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >>> > > >>>Sent: Friday, May 21, 2004 10:38 AM > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>Heh, do you even have any of your own NAS? If so, do you allow multiple > > >>>logins on those to, or do you restrict your users from traveling with > > >>>their account? > > >>> > > >>> > > >>> > > >>>If your suggestion was any kind of solution for me (or most of us for > > >>>that matter) this thread wouldn't have lived as long as it has. > > >>> > > >>> > > >>> > > >>>Brad Johnson > > >>> > > >>> Systems Administrator > > >>> > > >>> Local Link Network Operations > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > > >>>On Behalf Of Cary Fitch > > >>> > > >>>Sent: Friday, May 21, 2004 9:40 AM > > >>> > > >>>To: [EMAIL PROTECTED] > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>Give them a profile that allows multiple logins and let Global Pops > > >>>handle limits. > > >>> > > >>> > > >>> > > >>>("I keep saying this,over, and over and over.") > > >>> > > >>> > > >>> > > >>>Cary Fitch > > >>> > > >>>----- Original Message ----- > > >>> > > >>>From: Gene DuCharme <mailto:[EMAIL PROTECTED]> > > >>> > > >>>To: [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >>> > > >>>Sent: Friday, May 21, 2004 9:30 AM > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>The exact scenario that we get from GP is this: > > >>> > > >>> > > >>> > > >>>User connects, everything is just fine. > > >>> > > >>>They disconnect gracefully. > > >>> > > >>>I look in my radius and they are still there, so the next time they try > > >>>to log on they get invalid user and or pass. > > >>> > > >>> > > >>> > > >>>Until I actually delete them from VOP Radius they cannot log back on. > > >>> > > >>> > > >>> > > >>>This really makes it hard to sustain a nationwide presence or to > > >>>recommend to our customers leaving the area to stay with us on our > > >>>outside dial-ups. > > >>> > > >>> > > >>> > > >>>There has to be a cure somewhere, somehow. LOL > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>High Speed Internet at it's Best > > >>> > > >>> > > >>> > > >>>Gene DuCharme > > >>> > > >>>Owner > > >>> > > >>>Inland North West Internet > > >>> > > >>>401 S. Park St. > > >>> > > >>> > > >> > > >> > > > > ><http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewela h> > > >>%2C+Wa.&country=us> > > >> > > >>>_Chewelah, Wa. > > >>> > > >>> > > >> > > >> > > > > ><http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewela h> > > >>%2C+Wa.&country=us>_ > > >> > > >> > > >>>_99109 > > >>> > > >> > > >> > > > > ><http://maps.yahoo.com/py/maps.py?Pyt=Tmap&addr=401+S.+Park+St.&csz=Chewela h> > > >>%2C+Wa.&country=us>_ > > >> > > >> > > >>>[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > > >>> > > >>>http://www.inwi.net <http://www.inwi.net/> > > >>> > > >>>tel: > > >>> > > >>>fax: > > >>> > > >>>mobile: > > >>> > > >>>509-935-8923 > > >>> > > >>>509-935-8923 > > >>> > > >>>509-936-0633 > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>Signature powered by Plaxo <http://www.plaxo.com/signature> > > >>> > > >>>Want a signature like this? <http://www.plaxo.com/signature> > > >>> > > >>>Add me to your address book... > > >>><https://www.plaxo.com/add_me?u=12885176260&v0=541057&k0=1122043454> > > >>> > > >>>-----Original Message----- > > >>> > > >>>From: [EMAIL PROTECTED] > > >>>[mailto:[EMAIL PROTECTED] Behalf Of Gary Carr > > >>> > > >>>Sent: Friday, May 21, 2004 6:57 AM > > >>> > > >>>To: [EMAIL PROTECTED] > > >>> > > >>>Subject: [VOPRadius] "Ghost users causing simultaneous login limit > > >>>exceeded" (wholesale ports) > > >>> > > >>> > > >>> > > >>>>GlobalPops position on all the watchdog/stop packet info is that they > > >>> > > >>>are UDP and there can be losses with no notification. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>That is true but I see watchdog packets as another way to limit abuse, > > >>>not a 100% sure method. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>>Their ultimate ghosting and over use protection is from the logon caller > > > > >>> > > >>>ID. But not the caller ID that consumers get, the one internal to > > >>>Telecom >Companies. It can't be blocked. > > >>> > > >>> > > >>> > > >>>Hmm, where does that internal caller ID come from that, and does it get > > >>>passed to the NAS and onto the radius. That sounds very close to the > > >>>port method that Aleron uses. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>>If there are logons from the same number simultaniously, that is a ghost > > > > >>> > > >>>and the old one is "killed". If they are from different numbers that is > > >>>"abuse" and it >is allowed to a limit... with abusers duplicate (trust) > > >>>privledges removed once they are a demonstrated abuser. (So many > > >>>occurances, for instance.) > > >>> > > >>> > > >>> > > >>>>GP doesn't believe in Watchdog packets or for that matter Stop packets > > >>> > > >>>as "the truth". Logons from the same or different numbers are proof > > >>>positive. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>Does GP have a per user cap on the amount of hours? Is so what happens > > >>>if a user disconnects and doesn't reconnet until the next day or later. > > >>>In that case the caller-id method would fail to remove the user in a > > >>>timely manner. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>That's pretty interesting. Will they give any more details about that. > > >>>We were considering adding GlobalPOPs until this thread started. Still > > >>>may if they have a way to pass the disconnected user information to our > > >>>radius servers. > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>> > > >>>Gary > > >>> > > >>> > > >>> > > >>>* * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * This E-MAIL > > >>>message and any accompanying documents contain confidential information > > >>>intended for a specific individual and purpose. The information > > >>>contained within is private and protected by law. If you are not the > > >>>intended recipient, you are hereby notified that any disclosure, > > >>>copying, distribution, or the taking of any action in reliance on the > > >>>contents of this message is strictly prohibited. If you have received > > >>>this communication in error, please notify us by return e-mail or by > > >>>telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank > > >>>you in advance for your strict compliance and assistance. > > >>> > > >> > > >> > > >>** > > >>To leave this list, send an email to [EMAIL PROTECTED] > > >>and put the word "LEAVE" in the BODY of the email. > > >> > > >> > > >>** > > >>To leave this list, send an email to [EMAIL PROTECTED] > > >>and put the word "LEAVE" in the BODY of the email. > > >> > > > > > > > > > ** > > > To leave this list, send an email to [EMAIL PROTECTED] > > > and put the word "LEAVE" in the BODY of the email. > > > > > > > > > ** > > > To leave this list, send an email to [EMAIL PROTECTED] > > > and put the word "LEAVE" in the BODY of the email. > > > > > > >** > >To leave this list, send an email to [EMAIL PROTECTED] > >and put the word "LEAVE" in the BODY of the email. > > > > > >** > >To leave this list, send an email to [EMAIL PROTECTED] > >and put the word "LEAVE" in the BODY of the email. > > > > > >** > >To leave this list, send an email to [EMAIL PROTECTED] > >and put the word "LEAVE" in the BODY of the email. > > > > > * * * C O N F I D E N T I A L I T Y S T A T E M E N T * * * > This E-MAIL message and any accompanying documents contain confidential information intended for a specific individual and purpose. The information contained within is private and protected by law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, > distribution, or the taking of any action in reliance on the contents of this message is strictly prohibited. If you have received this communication in error, please notify us by return e-mail or by telephone at 419-661-1233 so that we can prevent a reoccurrence. Thank you in advance for your strict compliance and assistance. > > > ** > To leave this list, send an email to [EMAIL PROTECTED] > and put the word "LEAVE" in the BODY of the email. > ** To leave this list, send an email to [EMAIL PROTECTED] and put the word "LEAVE" in the BODY of the email.
