Hello P.,
Saturday, June 26, 2004, 8:22:39 AM, you wrote:
PP> Hi,
PP> I have been doing some tests with billing: it supports h235
PP> auth, static ip, static ip + h235, static ip + alias authorization.
PP> To be able to corretcly bill endpoints that do not support
PP> ras or simply call through gnugk as through a gateway I need to
PP> enable AcceptUnregisteredCalls, but in this case I have a big
PP> problem with those that authorized by h235 username+pass.
PP> my config is like this:
PP> [Gatekeeper::Auth]
PP> RadAuth=optional;RRQ,ARQ
PP> RadAliasAuth=sufficient;RRQ,ARQ,Setup
PP> If an endpoint is supposed to be authenticated by h235
PP> username and password then everything goes well until it sends
PP> setup and where gnugk tries to authorize it's call second time and
PP> it, of course, fails at this point without h235 fields (it sends
PP> clear username/password pair, but my billing expects chap_password
PP> for this user)
PP> And the worst thing in this scenario is that gnugk sends
PP> Acct-Stop WITHOUT sending Acct-Start!!! which is probably a error
PP> to send accouning messages without delivering service, or at least
PP> to send acct-stop without acct-start. In my billing acct-stop
PP> decrements simultaneous usage counter (that is incremented by
PP> acct-start) and sending acct-stop without acct-start is a security
PP> problem for billing systems that tracks simultaneous usage limit
PP> the same way.
PP> Is there any solution for this, has anybody noticed this behavior?
PP> Thanks.
I told you about this problem but you would not listen me ;)
What you can todo? nothing really good... you can have a cache of
previously authentificated calls, and when setup message arrive, you
must check it in this cache... if call was authorized, than you
authorize your setup. I have not any ideas how to solve this problem
other way.
P.S. In 2.0.8 version added new option: CheckSetupUnregisteredOnly but
there is problems with it - some endpoints, like ATA186,
Netmeeting don't send ARQ when call starts, only setup... so it not
work as needed.
--
Best regards,
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
Mike Tkachuk, ph:380-3433-47067
YES ISP, fx:380-3433-47067
Valova 17, mike|a|yes.net.ua
Kolomyia, www.yes.net.ua
Ukraine 78200 FWD: 66518
26.06.2004
ICQ# 57698805
MSN: mike_tkachuk|a|hotmail.com
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
