authentication question
I want to "authenticate" my users even if they don't enter valid username and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)? Does set modem_group all user_name some-username password some-password help?
Alex, Here's our procedure: 1. Telnet to HiperArc 2. These commands disable authentication and let anyone logon: a. Set modem_group all disable_authentication ppp b. Save all 3. These commands make radius activate again: a. Set modem_group all disable_authentication none b. Save all ----- Original Message ----- From: "alex" <alex@wanex.ge> To: "usr-tc" <usr-tc@mailman.xmission.com> Sent: Monday, March 17, 2003 3:19 PM Subject: [USR-TC] authentication question
I want to "authenticate" my users even if they don't enter valid username and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)?
Does set modem_group all user_name some-username password some-password help?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
But I want some users to be authenticated (depending on DNIS/ANI). Seth Jacobs wrote:
Alex,
Here's our procedure:
1. Telnet to HiperArc
2. These commands disable authentication and let anyone logon:
a. Set modem_group all disable_authentication ppp
b. Save all
3. These commands make radius activate again:
a. Set modem_group all disable_authentication none
b. Save all
----- Original Message ----- From: "alex" <alex@wanex.ge> To: "usr-tc" <usr-tc@mailman.xmission.com> Sent: Monday, March 17, 2003 3:19 PM Subject: [USR-TC] authentication question
I want to "authenticate" my users even if they don't enter valid username and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)?
Does set modem_group all user_name some-username password some-password help?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Please explain your needs in more detail. -----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Monday, March 17, 2003 5:50 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question But I want some users to be authenticated (depending on DNIS/ANI). Seth Jacobs wrote:
Alex,
Here's our procedure:
1. Telnet to HiperArc
2. These commands disable authentication and let anyone logon:
a. Set modem_group all disable_authentication ppp
b. Save all
3. These commands make radius activate again:
a. Set modem_group all disable_authentication none
b. Save all
----- Original Message ----- From: "alex" <alex@wanex.ge> To: "usr-tc" <usr-tc@mailman.xmission.com> Sent: Monday, March 17, 2003 3:19 PM Subject: [USR-TC] authentication question
I want to "authenticate" my users even if they don't enter valid username and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)?
Does set modem_group all user_name some-username password some-password help?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
I have n E1s. On each E1 can arrive 2 or more numbers (for example 111000 and 222111 etc). I want users who dial 111000 to pass "authentication" without entering any username (and password), but when another user dials 222111 he MUST authenticate with real username and password. How is it possible (if is possible). What if I set username parameter of modem_group and/or password? (I use chap if it can help). Adam Barnhill wrote:
Please explain your needs in more detail.
-----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Monday, March 17, 2003 5:50 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question
But I want some users to be authenticated (depending on DNIS/ANI).
Seth Jacobs wrote:
Alex,
Here's our procedure:
1. Telnet to HiperArc
2. These commands disable authentication and let anyone
logon:
a. Set modem_group all disable_authentication ppp
b. Save all
3. These commands make radius activate again:
a. Set modem_group all disable_authentication none
b. Save all
----- Original Message ----- From: "alex" <alex@wanex.ge> To: "usr-tc" <usr-tc@mailman.xmission.com> Sent: Monday, March 17, 2003 3:19 PM Subject: [USR-TC] authentication question
I want to "authenticate" my users even if they don't enter valid
username
and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)?
Does set modem_group all user_name some-username password some-password help?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
The following answer has been forwarded from Support Central: http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_alp. php Summary --------------------------------------------------------------- Use DNIS authentication to define service type You can view this answer at http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_adp. php?p_faqid=1862&p_created=1015283939 Sender's Comment This is not an exact answer, but it might lead in the right direction. In my example below both will technically authenticate with Radius, but only one DNIS number will use Client supplied username/passwords. I don't have a test environment to test, but I think the following should work. Setup: 1. On the HiPerARC: Add modem_group all interface<interfaces> enabled yes Set modem_group all dnis_authentication required Set modem_group all dnis_auth_type dnis Set modem_group all dnis_auth_time before_answer Set modem_group all dnis_password mypassword 2. Setup ARC user for "Non-Authentication" DNIS number Add user 111000 password mypassword type network network_service ppp Set user 111000 dnis_reauthentication PAP (or your preference) 3. Setup Radius user 111000 password mypassword - using typical ppp client parameters (Minus any port limits or multilinking.) 4. Setup ARC user for "Authenticated" number Add user 222111 password mypassword type network network_service ppp Set user 222111 dnis_reathentication No_reauth NOTE: If caller dials number other than 111000 or 222111, the call is disconnected. An ARC user must be setup for each DNIS number or this method will not work for you. Anybody got thoughts on this process? -- Adam Barnhill Support Engineer, TotallyFabricated.com Information Technology Engineer, Poplar Bluff Internet, Inc. / Semo.net P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114, <http://www.semo.net/> Home of TotallyFabricated.com the creators of Total Scrutinizer -----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Monday, March 17, 2003 6:35 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question I have n E1s. On each E1 can arrive 2 or more numbers (for example 111000 and 222111 etc). I want users who dial 111000 to pass "authentication" without entering any username (and password), but when another user dials 222111 he MUST authenticate with real username and password. How is it possible (if is possible). What if I set username parameter of modem_group and/or password? (I use chap if it can help). Adam Barnhill wrote:
Please explain your needs in more detail.
-----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Monday, March 17, 2003 5:50 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question
But I want some users to be authenticated (depending on DNIS/ANI).
Seth Jacobs wrote:
Alex,
Here's our procedure:
1. Telnet to HiperArc
2. These commands disable authentication and let anyone
logon:
a. Set modem_group all disable_authentication ppp
b. Save all
3. These commands make radius activate again:
a. Set modem_group all disable_authentication none
b. Save all
----- Original Message ----- From: "alex" <alex@wanex.ge> To: "usr-tc" <usr-tc@mailman.xmission.com> Sent: Monday, March 17, 2003 3:19 PM Subject: [USR-TC] authentication question
I want to "authenticate" my users even if they don't enter valid
username
and password (authenticate by dialed number). Users connect only if they enter something in username field. How is it possible to connect them without entering username and password (I mean empty username and password field in their dial-up networking connections)?
Does set modem_group all user_name some-username password some-password help?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
Thanks for information. But I have another question: How to disable cleartext login? Adam Barnhill wrote:
The following answer has been forwarded from Support Central: http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_alp. php
Summary --------------------------------------------------------------- Use DNIS authentication to define service type
You can view this answer at http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_adp. php?p_faqid=1862&p_created=1015283939
Sender's Comment This is not an exact answer, but it might lead in the right direction. In my example below both will technically authenticate with Radius, but only one DNIS number will use Client supplied username/passwords. I don't have a test environment to test, but I think the following should work.
Setup: 1. On the HiPerARC: Add modem_group all interface<interfaces> enabled yes Set modem_group all dnis_authentication required Set modem_group all dnis_auth_type dnis Set modem_group all dnis_auth_time before_answer Set modem_group all dnis_password mypassword
2. Setup ARC user for "Non-Authentication" DNIS number Add user 111000 password mypassword type network network_service ppp Set user 111000 dnis_reauthentication PAP (or your preference)
3. Setup Radius user 111000 password mypassword - using typical ppp client parameters (Minus any port limits or multilinking.)
4. Setup ARC user for "Authenticated" number Add user 222111 password mypassword type network network_service ppp Set user 222111 dnis_reathentication No_reauth
NOTE: If caller dials number other than 111000 or 222111, the call is disconnected. An ARC user must be setup for each DNIS number or this method will not work for you.
Anybody got thoughts on this process?
I don't know that you can, the knowledgebase didn't turn anything up on the subject. Besides...Doesn't CHAP authentication use MD5 encrypted password strings, and send it to radius to decrypt/compare to cleartext server stored passwords? If you are worried about the data in transmission, CHAP is probably better suited for you. If you are more worried about your radius server being compromised, then PAP is :) imho. -- Adam Barnhill Support Engineer, TotallyFabricated.com Information Technology Engineer, Poplar Bluff Internet, Inc. / Semo.net P.O. Box 190 | Poplar Bluff, MO 63902 | 573.686.9114, <http://www.semo.net/> Home of TotallyFabricated.com the creators of Total Scrutinizer -----Original Message----- From: usr-tc-bounces@mailman.xmission.com [mailto:usr-tc-bounces@mailman.xmission.com] On Behalf Of alex Sent: Tuesday, March 18, 2003 4:11 PM To: Discussion relating to the 3Com/US Robotics Total Control modem systems. Subject: Re: [USR-TC] authentication question Thanks for information. But I have another question: How to disable cleartext login? Adam Barnhill wrote:
The following answer has been forwarded from Support Central: http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_alp . php
Summary --------------------------------------------------------------- Use DNIS authentication to define service type
You can view this answer at http://commworks.custhelp.com/cgi-bin/commworks.cfg/php/enduser/std_adp . php?p_faqid=1862&p_created=1015283939
Sender's Comment This is not an exact answer, but it might lead in the right direction. In my example below both will technically authenticate with Radius, but only one DNIS number will use Client supplied username/passwords. I don't have a test environment to test, but I think the following should work.
Setup: 1. On the HiPerARC: Add modem_group all interface<interfaces> enabled yes Set modem_group all dnis_authentication required Set modem_group all dnis_auth_type dnis Set modem_group all dnis_auth_time before_answer Set modem_group all dnis_password mypassword
2. Setup ARC user for "Non-Authentication" DNIS number Add user 111000 password mypassword type network network_service ppp Set user 111000 dnis_reauthentication PAP (or your preference)
3. Setup Radius user 111000 password mypassword - using typical ppp client parameters (Minus any port limits or multilinking.)
4. Setup ARC user for "Authenticated" number Add user 222111 password mypassword type network network_service ppp Set user 222111 dnis_reathentication No_reauth
NOTE: If caller dials number other than 111000 or 222111, the call is disconnected. An ARC user must be setup for each DNIS number or this method will not work for you.
Anybody got thoughts on this process?
_______________________________________________ USR-TC mailing list USR-TC@mailman.xmission.com http://mailman.xmission.com/cgi-bin/mailman/listinfo/usr-tc
hello. we have a copy of hiperdsp.pl that we got off of a link from here and we have mrtg installed and we really need some help getting it to work. are there any more docs besides the mrtg.cfg and the hiperdsp.pl ?? we are VERY new to mrtg. matthew
participants (4)
-
Adam Barnhill -
alex -
matthew -
Seth Jacobs