Re: AcceptUnregisteredCalls and RadAliasAuth setup problem

There is a new "SetupUnreg" Gatekeeper::Auth tag in the cvs that triggers
authentication for unregistered endpoints only, so your config should translate
to something like:

[Gatekeeper::Auth]
RadAuth=optional;RRQ,ARQ
RadAliasAuth=sufficient;RRQ,ARQ,SetupUnreg

Having Acct-Stop without Acct-Start can actually happen quite often, if no signalling
channel has been opened. For example, ARQ has been received and the call record
timed out. I am sure you can easily detect this situation inside a trigger, whether Acct-Stop
inserts a new call record (no Acct-Start) or just updates an existing one.
Also I am not sure if it is a good idea to keep track of simultaneous calls via acct-start/acct-stop.
I can easily imagine some situation that will break this (network failure, gatekeeper crash)
and you will end up with an incorrect counter.

----- Original Message ----- 
From: "P. P." <block111@xxxxxxx>
Sent: Saturday, June 26, 2004 7:22 AM


> Hi,
> I have been doing some tests with billing: it supports h235 auth, static ip, static ip + h235, static ip + alias authorization.
>
> To be able to correctly bill endpoints that do not support ras or simply call through gnugk as through a gateway I need to enable
> AcceptUnregisteredCalls, but in this case I have a big problem with those that are authorized by h235 username+pass.
>
> my config is like this:
>
> [Gatekeeper::Auth]
> RadAuth=optional;RRQ,ARQ
> RadAliasAuth=sufficient;RRQ,ARQ,Setup
>
>
> If an endpoint is supposed to be authenticated by h235 username and password then everything goes well until it sends setup,
> where gnugk tries to authorize its call a second time and it, of course, fails at this point without h235 fields (it sends a clear
> username/password pair, but my billing expects chap_password for this user)
> And the worst thing in this scenario is that gnugk sends Acct-Stop WITHOUT sending Acct-Start!!! which is probably an error to send
> accounting messages without delivering service, or at least to send acct-stop without acct-start. In my billing acct-stop decrements
> the simultaneous usage counter (that is incremented by acct-start) and sending acct-stop without acct-start is a security problem for
> billing systems that track the simultaneous usage limit the same way.
>
> Is there any solution for this, has anybody noticed this behavior?
>
> Thanks.
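
The reply above suggests detecting an Acct-Stop that has no matching Acct-Start and questions counting simultaneous calls by incrementing and decrementing. The sketch below is an added example, not part of the original thread and not GnuGk or billing-system code; the class, the function names, the stale timeout and the sample records are assumptions made for illustration.

```python
# Added example: billing-side accounting handler (hypothetical names throughout).
# Acct-Status-Type is written as "Start"/"Stop" for readability.
STALE_AFTER = 4 * 3600  # assumed: seconds before an open call is treated as lost


class CallTracker:
    def __init__(self):
        self.open_calls = {}    # Acct-Session-Id -> (User-Name, start timestamp)
        self.orphan_stops = []  # Acct-Stop records that had no Acct-Start

    def handle(self, pkt, now):
        """Process one accounting record and return what was done with it."""
        sid, user = pkt["Acct-Session-Id"], pkt["User-Name"]
        kind = pkt["Acct-Status-Type"]
        if kind == "Start":
            if sid in self.open_calls:
                return "duplicate-start"  # retransmission: count the call once
            self.open_calls[sid] = (user, now)
            return "opened"
        if kind == "Stop":
            if self.open_calls.pop(sid, None) is None:
                # No signalling channel was opened: log it, change no counter.
                self.orphan_stops.append((sid, user, now))
                return "orphan-stop"
            return "closed"
        return "ignored"

    def active_calls(self, user, now):
        """Concurrent calls derived from open records, skipping stale ones."""
        return sum(1 for u, started in self.open_calls.values()
                   if u == user and now - started < STALE_AFTER)

    def may_start(self, user, limit, now):
        return self.active_calls(user, now) < limit


def replay(records):
    """Feed (timestamp, attributes) records through a fresh tracker."""
    tracker = CallTracker()
    return tracker, [tracker.handle(pkt, ts) for ts, pkt in records]


# Constructed sample records: (timestamp, accounting attributes)
SAMPLE = [
    (100, {"Acct-Status-Type": "Start", "Acct-Session-Id": "a1", "User-Name": "alice"}),
    (105, {"Acct-Status-Type": "Stop", "Acct-Session-Id": "zz", "User-Name": "alice"}),
    (110, {"Acct-Status-Type": "Start", "Acct-Session-Id": "a2", "User-Name": "alice"}),
    (200, {"Acct-Status-Type": "Stop", "Acct-Session-Id": "a1", "User-Name": "alice"}),
]
```

Because the concurrent-call figure is computed from the open records rather than stored, an unmatched Acct-Stop cannot lower it, and a call whose Acct-Stop was lost stops counting once it passes the stale timeout.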




_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
