Re: (ASCEND) Limiting Users

To: Phillip Vandry <vandry@Mlink.NET>
Subject: Re: (ASCEND) Limiting Users
From: Jim Howard <jhoward@lyceum.com>
Date: Tue, 19 Aug 1997 16:26:33 -0400
Cc: Jesse Martinez <jmartine@ecis.com>, ascend-users@bungi.com
Sender: owner-ascend-users@max.bungi.com

At 14:23 08/19/1997 -0400, Phillip Vandry wrote:
>> It's creates a huge file. That's the problem. If I want to allow only
>> E-mail accounts It takes a 8+ line entry per user. My user file is over
>> 5000 lines long now. If Ascend would use attrib 11 and add multiple
>> defaults like Livingston I could get by with well less then 1000 lines.
>> I'd even use Livingstons radius over Ascends because it is better and I
>> have some livinston equipment.
>
>My 2¢...
>
>Actually, I'd prefer not to see this. It means the Max has to make multiple
>RADIUS queries when these users log in - to fetch their profile, and then
>the profile that their profile sources. I also presume that this could go
>on for several levels.

I don't think that requesting a copy of the filter-profile during 
every authentication request that references the filter is nescecary, 
and that was not how I interpreted other's messages on this topic.

If the MAX downloads the filter profiles after reboot
just like is done with other radius based config: 
        banner-myroutername
        pools-myroutername
        filter-1-myroutername
        filter-2-myroutername

then your user profiles can reference one of the predefined radius filters,
or a filter that is defined in the MAX itself.

Advantages: 1. you update the filter ONCE when changes are nescecary,
instead of updating the individual filters of hundreds/thousands of users.
2. would probably use less memory in the MAX than current method.

Disadvantages: May require changes to MAX and to radius servers.

Alternatives: Hack your radius server to do this "on the fly"
ie, when it sees a reference for filter #1, it looks up filter #1
and dynamicly puts that in the Radius response to the max,
no changes needed on the max

-Jim H
----
Jim Howard             Sr Network Engineer        Lyceum Internet
jhoward@lyceum.com     http://www.lyceum.com/     404.248.1733     

My PGP Public Key: http://www.lyceum.com/~jhoward/pgp-key.txt
Fingerprint: 7E8B E2BA 1314 2535 CB08  CFF9 119B 7CD3 2488 954D

++ Ascend Users Mailing List ++
To unsubscribe:	send unsubscribe to ascend-users-request@bungi.com
To get FAQ'd:	<http://www.nealis.net/ascend/faq>

Prev by Date: Re: (ASCEND) version 5.0B of pipelines
Next by Date: Re: (ASCEND) version 5.0B of pipelines
Prev by thread: Re: (ASCEND) Limiting Users
Next by thread: Re: (ASCEND) Limiting Users
Index(es):
- Main
- Thread