Bill:
 
Your response may be my salvation.
 
First let me explain what I am doing. I have a temporary testbed (a RH 6.2 server) authentication server. I am running freeRADIUS-1.0.1. The authentication protocol is PAP.
 
If the testing goes OK, I plan to setup mySQL database. All user information will be stored in mySQL DB and free RADIUS will use this DB to authenticate.
 
Your method will work for me. It gives me the opportunity to set different time-out for different users. Similarly, I can setup other attributes specific to each user, if I so desire.
 
I have set up the freeRADIUS server but have never setup attributes. If you can send me how you setup the attributes in RADIUS, I maybe able to set freeRadius. Another settings which I may need help with is the proper filters to make TC look like a Firewall.
 
Your help is highly appreciated.
 
Kirti
 
-----Original Message-----
From: Egnatoff, Billy [mailto:Bill.Egnatoff@hit.cendant.com]
Sent: Tuesday, February 01, 2005 11:39 AM
To: 'usr-tc@mailman.xmission.com'
Subject: [USR-TC] RE: USR-TC Digest, Vol 23, Issue 10 Inactivity Time-out via Radi us profile.

 

Kirti,

 

I configured our Total Controls with a 60 second time-out using a Radius profile.  I don't know if you are using an external authentication method, but I though I would share this with all the same. 

 

Here is how I have it all configured.  It looks tough but it is really simple.

 

All of my callers must authenticate to an LDAP server.  They do this via a Radius system.  Within the LDAP directory server I created and assigned a mandatory attribute for all user objects called $ATTRIB1.  I'll use this for creating groups for users in which I can then apply filters.

 

How it works!

Upon successful authentication I configured my Radius system to retrieve from LDAP, the value of $ATTRIB1 for that particular user and then assign the user a Radius_Profile named $ATTRIB1.(same value/name)  In these profiles I have Total Control returnable attributes, such as TC_TimeOut, TC_FilterID, TC_IPADDRESSPOOL.  These attribute will automatically be sent to the Total Control Chassis and assigned to the user's session.

 

Step by Step:  

A VIP John Doe dials in and tries to authenticate.

Total Control authenticates via Radius.

Radius is configured to authenticate from external LDAP and retrieve attribute $x.

IF authentication is successful, LDAP returns attribute $x's value. (I.e. VIP, HR, etc)

Radius assigns user to profile named VIP

Within profile VIP is a list of items to be sent to Total Control for the user's session, including: Time-Out, TC_IPAddressPool, FilterID or whatever you want.  There are hundreds of attribute you can return.

 

 

I know this might be over-kill for what you asked.  If not, let me know and I can send you my config if you're interested.  Doing a configuration like this make your TC seem like a firewall when used with filters correctly.  I am using Funk's radius software and Netscape Directory Server (LDAP).

 

Bill Egnatoff

 

Sr. Systems Engineer, Central Systems

Cendant Hotel Information Technology

(602) 433-5769-v   (602) 433-5760-f

 

 

 

Message: 2

Date: Mon, 31 Jan 2005 15:12:49 -0500

From: "Kirti S. Bajwa" <kbajwa@tib.com>

Subject: [USR-TC] Time-Out Settings

To: "'Discussion relating to the 3Com/US Robotics Total Control modem

     systems.'" <usr-tc@mailman.xmission.com>

Message-ID: <4B51F7FF1CDFD811A32A0020ED31AFEE1276A6@TESUQUE>

Content-Type: text/plain;    charset="ISO-8859-1"

 

Hello List:

 

On out 3COM, I have setup ,Inactivity Time [min][S19]' settings to '12'

minutes (Under TCM > HiPer DSP Cards > Configure > Call Control Options).

However, when I test this feature by dialing-in from my PC into 3COM, the connection remains open for an extended number of minutes. I do not know what the maximum time it remains open but as of this post the connection is up for 40+ minutes with no activity from my PC.

 

Is ther anything wrong I am doing? How can I setup so the users disconnect when they reach the 'Inactivity Time"?

 

Kirti