Uuid mode – FaxBack Port Server RADIUS Support (RFC 2865, 2866) User Manual
Page 54
FaxBack Proprietary and Confidential
Page 54 of 58
UUID Mode
To simplify the RADIUS server implementation, accounts are managed by exchanging account
names with the RADIUS server, even though the port server internally uses a UUID (Universally
Unique Identifier) to identify each account. In general, the port server manages this distinction by
converting account names into UUIDs when RADIUS responses are returned to the port server,
and by converting UUIDs into account names when certain requests are sent to the RADIUS
server. Because UUIDs are limited to 16 bytes, this imposes a 16 byte (bytes not characters)
limitation on account name lengths.
Despite the 16 byte name length limitation, an enormous number of unique account names can
be created using ASCII characters. However, if the 16 byte limitation is too restrictive, the name
length can be expanded to 64 characters (utf-8 encoded). This is accomplished by enabling
“UUID Mode” on the port server using the “Fax Hardware Setup” application, and by adding
support for UUIDs to the RADIUS server implementation. An additional configuration option
allows the UUID format to be specified. All UUIDs can be formatted as either Binary (16 raw
bytes), Hex string (e.g., “0x05A32765C400499390D835289F96988A”), or Dash string (e.g.,
“05A32765-C400-4993-90D8-35289F96988A”).
The following commands work differently when UUID mode is enabled:
•
For the Get-Account/Account-Login and Get-Account/Account-Validate commands, the
port server still sends the account name in the User-Name attribute for requests. But, for
Get-Account/Account-Login the RADIUS server must return the FB-Account-UUID
attribute for the account, and FB-Rcv-Failover-Account-UUID for the failover account.
•
For the Get-Account/Pre-Send-Session command, the port server can send either a
User-Name or FB-Account-UUID attribute (it will never send both attributes in the same
request). Even with UUID Mode enabled, the send on-behalf-of feature works off of
names, where one account can send on-behalf-of another, so the RADIUS server must
handle both types of input for identifying an account. The response packet must include
a User-Name attribute set to the name of the identified account.
•
For the Get-Account/Pre-Receive-Session command, the port server can send either a
User-Name or FB-Account-UUID attribute (it will never send both attributes in the same
request). Even with UUID Mode enabled, a received fax in a message queue will be
routed to the recipient by account name, so the RADIUS server must handle both types
of input for identifying an account. The response packet must include a User-Name
attribute set to the name of the identified account.
•
For the Get-Account/For-External-Module command, the port server can send either a
User-Name or FB-Account-UUID attribute (it will never send both attributes in the same
request). The response packet must include a User-Name attribute set to the name of
the identified account.
•
For the Get-Load-Balance-Group-Members command in any context, the port server will
send a FB-Account-UUID to identify the load balance group. Each member of the group
must be identified in the response packet with a FB-Account-UUID attribute.
•
For the Get-DID/Pre-Send-Session command, if this command is supported by the
RADIUS server, it must return both User-Name and FB-Account-UUID attributes, for the
account that the request DID mapped to.
•
For the Get-DIDs-For-Account/For-External-Module command, the port server will send
an FB-Account-UUID attribute in the request packet, and not a User-Name attribute.