NowMMS and RADIUS?

Bigjack
New member
Username: Bigjack

Post Number: 3
Registered: 11-2008
Posted on Thursday, May 28, 2009 - 06:55 pm:   

I've read the document that talks about configuring the NowMMSC with RADIUS for automatic user identification. However, a few things are not clear to me.

I'm reading under section "Configuring the NowWAP Proxy to Forward MSISDN", and have the following questions:

Is the WAP Gateway "NowWAP" part of NowMMS?

The text refers to both NowWAP Gateway and NowWAP Proxy - is this the same logical entity?

Is this the flow for RADIUS authentication?

1. GGSN -> NowWAP Proxy: (GGSN passes username/password etc. to NowWAP Proxy in access-request RADIUS)
2. NowWAP Proxy -> RADIUS Server: (NowWAP Proxy proxies RADIUS access-request to RADIUS Server)
3. RADIUS Server -> NowWAP Proxy: (RADIUS server responds to NowWAP Proxy with access-accept)
4. NowWAP Proxy -> GGSN: (NowWAP Proxy responds to GGSN with access-accept)

In general, what are the pre-requisites in the operator network for the NowMMS Radius based authentication to work? Radius Server? WAP Gateway?

Thanks,

jack
Des - NowSMS Support
Board Administrator
Username: Desosms

Post Number: 865
Registered: 08-2008
Posted on Thursday, May 28, 2009 - 08:33 pm:   

Hi Jack,

NowWAP is not part of NowSMS/MMS. It is a separate product, but one that is frequently used together with the NowMMSC on an operator network.

On a mobile operator network, the convention is that a WAP proxy (or gateway ... different terminology for the same thing) provides MSISDN to any HTTP and/or WAP based services, such as MMS, that require this information.

NowWAP is a WAP proxy (or gateway ... choose your terminology).

The proxy inserts this information into an HTTP header when forwarding the request to the service.

It doesn't have to be the NowWAP proxy ... that is just the WAP proxy/gateway that we sell to provide this capability in an operator network.

The RADIUS protocol is the de-facto interface that is used for obtaining the MSISDN information.

The RADIUS protocol family consists of two related protocols: one is simply known as RADIUS (we refer to it as RADIUS authentication to distinguish it), and the other is known as RADIUS accounting. RADIUS authentication operates over UDP port 1812, and RADIUS accounting operates over UDP port 1813. (Because of an error in the original specification, sometimes ports 1645 and 1646 are used instead.)

The proxy is only interested in RADIUS accounting, but it can provide basic RADIUS authentication services for scenarios where the two protocols cannot be separated.

As the names imply, the RADIUS authentication protocol is about authentication and access control. The RADIUS accounting protocol is about accounting and notification of activities.

The logic works like this at a RADIUS level when a connection request comes into the GGSN:

A.) AUTHENTICATION - OPTIONAL

1.) GGSN sends access-request to RADIUS server. This RADIUS server can be NowWAP, or it can be some other RADIUS server.

2.) RADIUS server sends access-accept or access-reject to GGSN.

If NowWAP is the RADIUS server, it is a very simple one. In 99.99% of configurations, it always replies access-accept. NowWAP (or any other WAP gateway) is not designed to be an authentication/access server. It provides a simple implementation for situations where the GGSN expects a RADIUS implementation to support both authentication and accounting.

In a typical operator network scenario, RADIUS is not used for authentication. It is used for accounting, but sometimes the GGSN implementation requires both.

B.) ACCOUNTING - REQUIRED

1.) The GGSN has accepted the connection and assigned an IP address to the client. It then sends an accounting-request with acct-status-type of "start" to the RADIUS accounting server. This RADIUS accounting server can be NowWAP, or it can be some other RADIUS server. If it is another RADIUS server, it must forward/proxy the packet to NowWAP. This packet provides the identification information for the connected client.

2.) The RADIUS accounting server replies with an accounting-response packet.


quote:

In general, what are the pre-requisites in the operator network for the NowMMS Radius based authentication to work? Radius Server? WAP Gateway?

On an operator network, a WAP gateway (or proxy) provides the identification information for the MMSC and other HTTP or WAP based services. NowWAP is our product that provides this capability.

A separate RADIUS server is not required for this scenario. It may or may not be present, but if it is present, it is present for other operator requirements unrelated to the MMSC.

(Background information for others reading this thread ... the article Jack refers to is found here: http://www.nowsms.com/support/bulletins/tb-nowsms-002.htm)

--
Des
NowSMS Support
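
The accounting exchange described in the reply above, as an added example that is not part of the original thread and is not NowWAP code: a receiver checks the Accounting-Request authenticator against the shared secret (so only the configured GGSN can change the mapping), records client IP to MSISDN on "start", drops it on "stop", and builds the Accounting-Response. It assumes the GGSN sends the MSISDN in Calling-Station-Id and the client address in Framed-IP-Address; the function names, secret and sample values are constructed.

```python
import hashlib, hmac, ipaddress, struct

ACCT_REQUEST, ACCT_RESPONSE = 4, 5                       # RFC 2866 packet codes
FRAMED_IP, CALLING_STATION_ID, ACCT_STATUS_TYPE = 8, 31, 40
START, STOP = 1, 2

def build_request(ident, secret, attrs):
    """Build a constructed Accounting-Request (sample input standing in for the GGSN)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def handle_accounting(packet, secret, sessions):
    """Validate one Accounting-Request, update the IP -> MSISDN map, return the reply."""
    if len(packet) < 20:
        raise ValueError("short packet")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCT_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Accounting-Request")
    auth, body = packet[4:20], packet[20:length]
    # Request Authenticator = MD5(code + id + length + 16 zero octets + attrs + secret)
    expected = hashlib.md5(packet[:4] + bytes(16) + body + secret).digest()
    if not hmac.compare_digest(auth, expected):
        raise ValueError("bad authenticator: wrong shared secret or spoofed sender")
    attrs, i = {}, 0
    while i < len(body):
        alen = body[i + 1] if i + 1 < len(body) else 0
        if alen < 2 or i + alen > len(body):
            raise ValueError("malformed attribute")
        attrs[body[i]] = body[i + 2:i + alen]
        i += alen
    status = int.from_bytes(attrs.get(ACCT_STATUS_TYPE, b""), "big")
    ip = str(ipaddress.IPv4Address(attrs[FRAMED_IP])) if FRAMED_IP in attrs else None
    if ip and status == START and CALLING_STATION_ID in attrs:
        sessions[ip] = attrs[CALLING_STATION_ID].decode("ascii")   # assumed MSISDN carrier
    elif ip and status == STOP:
        sessions.pop(ip, None)                                     # session ended
    head = struct.pack("!BBH", ACCT_RESPONSE, ident, 20)
    # Response Authenticator = MD5(code + id + length + request authenticator + secret)
    return head + hashlib.md5(head + auth + secret).digest()

if __name__ == "__main__":
    secret, sessions = b"constructed-secret", {}
    start = build_request(7, secret, [(ACCT_STATUS_TYPE, struct.pack("!I", START)),
                                      (FRAMED_IP, bytes([10, 0, 0, 5])),
                                      (CALLING_STATION_ID, b"447700900123")])
    handle_accounting(start, secret, sessions)
    print(sessions)
```

A proxy would look up the source IP of each forwarded request in `sessions` to find the MSISDN to place in the HTTP header.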