Hello Michal,
Maybe I'm wrong.... I have not played with this much.
Saturday, June 26, 2004, 11:56:24 AM, you wrote:
>>From my knowledge, both ATA186 and NM send ARQ.
ZM> Maybe some misconfiguration problem? At least NM/ATA
ZM> I played with both sent ARQ. If an endpoint is registered
ZM> with the gatekeeper and has not recieved pregrantedARQ
ZM> (which is not the case with GnuGk) it HAS to send ARQ
ZM> before opening a signalling channel.
ZM> ----- Original Message -----
ZM> From: "Mike Tkachuk" <mike@xxxxxxxxxx>
ZM> Sent: Saturday, June 26, 2004 10:37 AM
>> Hello P.,
>>
>> Saturday, June 26, 2004, 8:22:39 AM, you wrote:
>>
>>
>> PP> Hi,
>> PP> I have been doing some tests with billing: it supports h235
>> PP> auth, static ip, static ip + h235, static ip + alias authorization.
>>
>> PP> To be able to corretcly bill endpoints that do not support
>> PP> ras or simply call through gnugk as through a gateway I need to
>> PP> enable AcceptUnregisteredCalls, but in this case I have a big
>> PP> problem with those that authorized by h235 username+pass.
>>
>> PP> my config is like this:
>>
>> PP> [Gatekeeper::Auth]
>> PP> RadAuth=optional;RRQ,ARQ
>> PP> RadAliasAuth=sufficient;RRQ,ARQ,Setup
>>
>>
>> PP> If an endpoint is supposed to be authenticated by h235
>> PP> username and password then everything goes well until it sends
>> PP> setup and where gnugk tries to authorize it's call second time and
>> PP> it, of course, fails at this point without h235 fields (it sends
>> PP> clear username/password pair, but my billing expects chap_password
>> PP> for this user)
>> PP> And the worst thing in this scenario is that gnugk sends
>> PP> Acct-Stop WITHOUT sending Acct-Start!!! which is probably a error
>> PP> to send accouning messages without delivering service, or at least
>> PP> to send acct-stop without acct-start. In my billing acct-stop
>> PP> decrements simultaneous usage counter (that is incremented by
>> PP> acct-start) and sending acct-stop without acct-start is a security
>> PP> problem for billing systems that tracks simultaneous usage limit
>> PP> the same way.
>> PP> Is there any solution for this, has anybody noticed this behavior?
>> PP> Thanks.
>>
>> I told you about this problem but you would not listen me ;)
>>
>> What you can todo? nothing really good... you can have a cache of
>> previously authentificated calls, and when setup message arrive, you
>> must check it in this cache... if call was authorized, than you
>> authorize your setup. I have not any ideas how to solve this problem
>> other way.
>>
>> P.S. In 2.0.8 version added new option: CheckSetupUnregisteredOnly but
>> there is problems with it - some endpoints, like ATA186,
>> Netmeeting don't send ARQ when call starts, only setup... so it not
>> work as needed.
>>
>> --
>> Best regards,
Best regards,
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
Mike Tkachuk, ph:380-3433-47067
YES ISP, fx:380-3433-47067
Valova 17, mike|a|yes.net.ua
Kolomyia, www.yes.net.ua
Ukraine 78200 FWD: 66518
26.06.2004
ICQ# 57698805
MSN: mike_tkachuk|a|hotmail.com
~*-,._.,-*~'`^`'~*-,._.,-*~'`^`'~*-,.
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________________
List: Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_id=8549
Homepage: http://www.gnugk.org/
