Re: AcceptUnregisteredCalls and RadAliasAuth setup problem


 



From my knowledge, both ATA186 and NM send ARQ.
Maybe some misconfiguration problem? At least the NM/ATA
I played with both sent ARQ. If an endpoint is registered 
with the gatekeeper and has not received pregrantedARQ 
(which is not the case with GnuGk) it HAS to send ARQ 
before opening a signalling channel.

----- Original Message ----- 
From: "Mike Tkachuk" <mike@xxxxxxxxxx>
Sent: Saturday, June 26, 2004 10:37 AM


> Hello P.,
> 
> Saturday, June 26, 2004, 8:22:39 AM, you wrote:
> 
> 
> PP> Hi,
> PP> I have been doing some tests with billing: it supports h235
> PP> auth, static ip, static ip + h235, static ip + alias authorization.
> 
> PP> To be able to correctly bill endpoints that do not support
> PP> ras or simply call through gnugk as through a gateway I need to
> PP> enable AcceptUnregisteredCalls, but in this case I have a big
> PP> problem with those that authorized by h235 username+pass.
> 
> PP> my config is like this:
> 
> PP> [Gatekeeper::Auth]
> PP> RadAuth=optional;RRQ,ARQ
> PP> RadAliasAuth=sufficient;RRQ,ARQ,Setup
> 
> 
> PP> If an endpoint is supposed to be authenticated by h235
> PP> username and password then everything goes well until it sends
> PP> setup and where gnugk tries to authorize its call a second time and
> PP> it, of course, fails at this point without h235 fields (it sends
> PP> clear username/password pair, but my billing expects chap_password
> PP> for this user)
> PP> And the worst thing in this scenario is that gnugk sends
> PP> Acct-Stop WITHOUT sending Acct-Start!!! which is probably an error
> PP> to send accounting messages without delivering service, or at least
> PP> to send acct-stop without acct-start. In my billing acct-stop
> PP> decrements simultaneous usage counter (that is incremented by
> PP> acct-start) and sending acct-stop without acct-start is a security
> PP> problem for billing systems that track simultaneous usage limit
> PP> the same way.
> PP> Is there any solution for this, has anybody noticed this behavior?
> PP> Thanks.
> 
> I told you about this problem but you would not listen to me ;)
> 
> What can you do? Nothing really good... you can have a cache of
> previously authenticated calls, and when a setup message arrives, you
> must check it in this cache... if the call was authorized, then you
> authorize your setup. I do not have any ideas how to solve this problem
> any other way.
> 
> P.S. In version 2.0.8 a new option was added: CheckSetupUnregisteredOnly, but
> there are problems with it - some endpoints, like ATA186,
> Netmeeting don't send ARQ when a call starts, only setup... so it does not
> work as needed.
> 
> -- 
> Best regards,
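
An added example, not part of the original messages and not GnuGk or billing code from either poster: a billing-side simultaneous-use counter that keys on Acct-Session-Id, so an Acct-Stop with no matching Acct-Start (the case described above) cannot lower the count, shown beside the plain increment/decrement counter. The attribute names are standard RADIUS accounting attributes; the class, function names and sample packets are constructed for illustration.

```python
from collections import defaultdict

def naive_count(packets):
    """Plain counter: +1 on Start, -1 on Stop, no session matching."""
    n = 0
    for p in packets:
        n += {"Start": 1, "Stop": -1}.get(p["Acct-Status-Type"], 0)
    return n

class SessionTracker:
    """Simultaneous-use tracking keyed on (User-Name, Acct-Session-Id)."""
    def __init__(self, limit):
        self.limit = limit
        self.active = defaultdict(set)   # User-Name -> open Acct-Session-Ids
        self.orphan_stops = []           # Stops that never had a Start

    def in_use(self, user):
        return len(self.active[user])

    def may_start_call(self, user):
        return self.in_use(user) < self.limit

    def handle(self, pkt):
        user, sid = pkt["User-Name"], pkt["Acct-Session-Id"]
        status = pkt["Acct-Status-Type"]
        sessions = self.active[user]
        if status == "Start":
            if sid in sessions:
                return "duplicate-start"     # RADIUS retransmission
            sessions.add(sid)
            return "started"
        if status == "Stop":
            if sid not in sessions:
                self.orphan_stops.append((user, sid))   # keep for auditing
                return "orphan-stop"         # counter is left untouched
            sessions.remove(sid)
            return "stopped"
        return "ignored"

# Constructed sample: one real call, then a Stop for a call whose Setup
# was rejected and therefore never produced an Acct-Start.
PACKETS = [
    {"User-Name": "alice", "Acct-Session-Id": "call-1", "Acct-Status-Type": "Start"},
    {"User-Name": "alice", "Acct-Session-Id": "call-2", "Acct-Status-Type": "Stop"},
]

def replay(packets, limit=1):
    tracker = SessionTracker(limit)
    return [tracker.handle(p) for p in packets], tracker
```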



_______________________________________________________

List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
