Overview – FaxBack Port Server RADIUS Support (RFC 2865, 2866) User Manual

FaxBack Proprietary and Confidential

Page 5 of 58

Overview

For account management and billing, the port server supports a flexible architecture for retrieving
database objects and saving CDRs (Call Detail Records), by performing all database operations
through an external module that it loads during startup. The core port server functionality of
reliably sending and receiving real-time fax over HTTP remains unaffected by the type of external
database module that is used.

For example, when the port server authenticates a client that is logging in, the account name and
password that the client provided are passed to the external database module, where the
necessary action to validate the account (such as an SQL query) takes place. The response from
the external database module determines if the port server accepts or rejects the client login.

To support RADIUS (RFC 2865, 2866), the port server is configured to use an external database
module, included with the port server, that implements the client side of the RADIUS
specification. This module exchanges packets with a RADIUS server, for the purpose of
retrieving database objects and saving CDRs on behalf of the port server. In this way, the port
server can use RADIUS to integrate with existing account management and billing systems.

The port server uses RADIUS to:

•

Authenticate the account name and password provided by port server clients

•

Find an account associated with a DID (inbound routing)

•

Find an account associated with an e-mail address (authenticate SMTP sender)

•

Retrieve extended account attributes for a specified account

•

Save CDRs following fax sessions (RADIUS Accounting)

To provide all of the functionality that the port server can expect of a RADIUS server, a RADIUS
server must be capable of extending its functionality beyond what is strictly defined in the
RADIUS specification. For example, the RADIUS server must be capable of parsing Access-
Request packets and recognizing the FaxBack vendor-specific Command attribute. The
commands that the port server sends require retrieving information for an account and returning
that information in a RADIUS response packet.

A RADIUS server needs to respond quickly to request packets, to ensure fast initiation of
sessions. Ideally, the round-trip duration for a RADIUS packet exchange, from the time the port
server sends the packet until it receives a response, would be less than 100 milliseconds.

The port server divides RADIUS support into two categories: Access-Requests (account
management), and Accounting-Requests (updating the state of a session and saving CDRs).
Either or both category can be enabled on a port server, each with an independent configuration.

To support “Access-Requests”, a RADIUS server needs to be extensible, so that it can perform
simple queries that arrive in Access-Request packets that the port server sends to retrieve
account information. In most cases, the RADIUS server can get by with providing very limited
information in response to these requests. However, the more detail that the RADIUS server
provides in an Access-Accept packet, in the form of FaxBack vendor-specific attributes, the more
port server features that can be enabled.