FAQ
GlobalPOPs FAQ
Frequently Asked Questions
I. RADIUS
Q. I plan on using my own RADIUS server(s). What general
configuration do I need in order to work with
GlobalPOPs' service?
A. Clients configuration, and RADIUS configuration/abilities will
vary but need to be set up properly to communicate with
our RADIUS servers:
-
Your must have our primary and secondary RADIUS servers
in your clients configuration along with the
shared secret you specified on your order.
- 64.136.164.22 testrad.globalpops.com
- 64.136.164.52 rad01.globalpops.com
- 64.136.173.10 rad02.globalpops.com
- 64.136.164.53 rad03.globalpops.com
- 64.136.173.12 rad04.globalpops.com
- 64.136.164.54 rad05.globalpops.com
- 64.136.173.11 rad06.globalpops.com
- 64.136.164.55 rad07.globalpops.com
- 64.136.173.13 rad08.globalpops.com
- 64.136.164.120 rad09.globalpops.com
- 64.136.173.40 rad10.globalpops.com
- 64.136.164.121 rad11.globalpops.com
- 64.136.173.41 rad12.globalpops.com
- 64.136.164.122 rad13.globalpops.com
- 64.136.173.42 rad14.globalpops.com
- 64.136.164.123 rad15.globalpops.com
- 64.136.173.43 rad16.globalpops.com
- 64.136.164.124 rad17.globalpops.com
- 64.136.173.44 rad18.globalpops.com
- 64.136.164.125 rad19.globalpops.com
- 64.136.173.45 rad20.globalpops.com
- 64.136.164.126 rad21.globalpops.com
- 64.136.173.46 rad22.globalpops.com
- 64.136.164.127 rad23.globalpops.com
- 64.136.173.47 rad24.globalpops.com
- 64.136.164.128 rad25.globalpops.com
- 64.136.173.48 rad26.globalpops.com
- 64.136.164.129 rad27.globalpops.com
- 64.136.173.49 rad28.globalpops.com
- For our own (on-net) numbers, you will need to be able
to reply a standard PAP request. For our tiered
Qwest (off-net) numbers, you will need to be able
to respond to standard CHAP (encrypted password)
requests.
Q. Do I NEED to send RADIUS attributes with my access-accept
reply to make the connection?
A. No, We will send the required packet back to the NAS With some
standard attributes for a successful connection. An accept
reply is all that is required to establish a connection.
NOTE: a reply message should not come with an accept, this
can cause some NAS's to drop the connection.
* STANDARD ATTRIBUTES CAN BE ADDED TO THE ACCEPT TO
CUSTOMIZE THE CONNECTION'S PROPERTIES
(i.e. Session-Timeout, Idle-Timeout, Ascend-Data-Filter, etc.)*
Q. Do I need to do anything specific to reject a connection request?
A. A denial reply is all that is needed to deny authentication.
Some RADIUS services implement a delay for denials.
This is commonly seen in FREERADIUS and CISTRON.
To stop this delay from happening add the line:
reject_delay = 0
to your radius.conf
Q. What if I am having an outage or my RADIUS server is not
functioning properly? Do you send the request to both
of my RADIUS server(s)? Is there any failure policy?
A. On the order form, there is an option for failure policy. This
is used as a last resort. Every passthrough request is sent
to your Primary RADIUS on file. If we do not receive
response within a timely manner, we will send the request to
your Secondary RADIUS (if on file). With every response we
update a record of the valid or invalid attempt from that
username. Without response from any of your RADIUS servers
on file we will then compare the request to the documented
attempts as follows:
- If your RADIUS server(s) had accepted the same
user and password on the most recent attempt. We will
authenticate the user. If the request's username and
password does not match or has been denied by your RADIUS
server(s) on the most recent attempt, we will reject the
auth request.
- If you have the failure policy turned on in your
account, when your RADIUS server(s) do not respond in a
timely manner and we have never received an accept nor
denial for the username in the request, we will
authenticate the user automatically. If this option is
turned off, we will deny any user never recorded with an
accept or denial from your RADIUS server(s).
This module is only used when we cannot compare the
authentication request to a previously recorded successful or
invalid attempt per your RADIUS. To have it removed or turned
on, email support@globalpops.com with the request to do so.
II. ACCESS NUMBERS
- On-Net
- Off-Net
- Locator
- Number Lists
- Network Codes
- Q. What are the On-Net numbers?
- A. These numbers are ported to our RADIUS servers directly. These
are the numbers of which we control the capacity. There
is no provisioning time for these numbers. They are
available immediately once you are set up as a customer.
- Q. What are the numbers listed as Off-Net?
- A. These numbers are provided by tiered vendors. They consist of
Qwest, MegaPOP, Aleron, and Level3. Dialing into these
numbers DOES NOT automatically forward the request to our
RADIUS servers. The request first goes to the vendor's
RADIUS, then the request passes to whom the realm is
provisioned. Turn up time on these numbers can vary from 2
days average on MegaPOP to 3 weeks average on Qwest.
*THESE NUMBERS ARE IDENTIFIED BY "Off-Net" ON OUR LOCATOR*
- Q. What is GlobalPOPs' Locator?
- A. Our online locator located at http://www.globalpops.com/locator
and within the back-office (http://loginto.us) can be used
for quick searching on availability of numbers in an area.
Please be aware of the message displayed at the top of the
result table. This message will read "Access Numbers were
matched to all Local Rate Centers." if we have found a match
to that calling area.* The locator will otherwise read
"Access Numbers were matched to your Area Code Only." if
we do not find a good match for the local area.*
* NOTE: ONLY THE TELEPHONE COMPANY OF THE CALLING FROM
NUMBER CAN DETERMINE IF A CALL WILL BE FREE. WE ARE NOT
RESPONSIBLE FOR ANY TOLL CHARGES OR MISUNDERSTANDINGS OF
THE USE OF OUR ACCESS NUMBERS. *
- Q. Are your numbers downloadable for me to manipulate and display
them how I want?
- A. Yes, they are located in comma separated text files:
- https://www.loginto.us/wholesalev92.txt
- https://www.loginto.us/wholeoffv92.txt
The fields supplied in these lists are:
NPA, NXX, AccessNumber, City, State, V92, ClusterCode
- Q. In the Number Lists and on the locator, the numbers
have 2 or 3 characters displayed after the entire row.
What are these characters?
- A. These are identifiers primarily for GlobalPOPs' organization :
- The two or three character codes listed next to On-Net numbers
are codes that will help you distinguish line and/or NAS
clusters in certain regions. If an issue occurs on GN
numbers, but not NWT numbers, it would be safe to assume
that our GN lines are having an issue, not the entire
network. Also, if one of your realms works on multiple
codes, but another realm of yours works on few or none,
it is most likely that the realm (attributes, or end RADIUS)
is the cause of the issue.
- The two or three character codes listed next to Off-Net: on our
locator are identifiers of our tiered providers (Qwest - QW,
Aleron - AL, UUnet)
III. CONNECTIVITY
- Time Limits
- Traffic Blocking
- Quality of Connections
- Connection Issues
- Q. What are the time limits of a connection?
- A. We automatically set a session limit of 3 hours and an idle
timeout of 15. If you send us a session limit within
8 hours, we will respect it. If it is above 8 hours,
we will rewrite the attribute to be for 8 hours.
- Q. Does GlobalPOPs block certain traffic, ports, viruses?
- A. Yes, by default All Port 25 Traffic is blocked when connecting
to our modem pools. Port 25 traffic can be enabled by means
of RADIUS attributes (please read EMAIL section of this FAQ
for more explanation). Across most of our network ICMP
traffic is blocked. This does take away the abilities of
some command prompt utilities (traceroute, ping); however,
this blocking has only recently been implemented in a so
far successful attempt of stopping the spread of virus
based attacks (Blaster, SoBIG).
- Q. Has GlobalPOPs seen any noticeable quality of connection issues?
- A. Yes, certain modem manufacturers have proved to release modems
that incur quality of service issues. GlobalPOPs has
recognized most of these issues with some advice to
help correct:
- Lucent Technologies (LT) WinModems - There are many
drivers that can be found for these modems. From testing
we have found that the v.6.0 driver works almost perfectly
with our modems. This driver is available as LT60.cc.
This update will work for LT modems below OR above the
6.0 version. To use, simply rename the file to LT60.exe.
Execute the file and complete all prompts that it supplies.
Restart the updating computer and check the version of the
driver. If the version is not 6.0, rerun the upgrade.
Continue until version 6.0 is installed.
- Rockwell (now known as Conexant) - This manufacturer
has made their chipset available to many companies for
redistribution*. Unfortunately the drivers seem to be
culprit for a lack of quality. We have assessed that the
digital (ISDN) tone present at the beginning of the modem
handshake causes these modems to have a somewhat corrupted
connection (dropped connections, packet loss, slow transfers).
A simple remedy is to have three commas added to the end of
the access number in the end-users dialer (xxx-xxx-xxxx,,,).
This causes the modem to wait approx. 6 seconds before
listening or attempting to handshake. As the wait occurs,
the digital tone is then ignored. Using this on other modems
with problematic connections has proven successful also.
* SOME KNOWN MODEMS USING THIS CHIPSET - ROCKWELL, CONEXANT,
AGERE, SUPRA, HCF, EVEN SOME US ROBOTICS *
- Q. What should I do if I'm having a connectivity, routing,
or quality of service issue?
- A. Please review all aspects of this FAQ for any answers or
suggestions. If none are available here, email
support@globalpops.com or call 866-999-GPOP option 3.
Please note when calling, the call center reached by this
option can only document an issue and start a ticket.
The ticket/documentation will be escalated to a NOC
technician.
IV. REALMS
- Definitions
- Additional Realms
- New Master
- Disconnects
- Transfers
- Provisioning
- Off-Net Registration
- Q. I have seen GlobalPOPs use the terms MasterRealm, Realm, Child
Realm, and SubRealm. How does GlobalPOPs define these terms?
- A. Similar as these terms may seem, they are easily distinguished.
- A MasterRealm is the identifier for your account.
This is the realm name submitted on your original order
form. This realm will be the first set up for
authenticating dialups through your account.
- We define the term Child Realm and use it exactly
the same as the term Realm. A Realm is the
string appended to a username (i.e. username@realm) which
we read in order to pass the authentication request properly.
You can add Realms through the back-office located at
http://loginto.us. If a realm is not registered on your
account, we will not be able to authenticate requests for it.
Each account has no limit on registered realms; however,
there must be 10 users active each month after 90 days of
creating the realm or you will incur a $25 fee for that
realm.
- A SubRealm is the term specifying a prefix to a
realm (i.e. user@prefix.realm). This is not used by our
system. You must register every prefix.realm as a
complete realm. GlobalPOPs can provision a realm to include
all subs as using wildcard (*.realm) with Aleron and Qwest,
two of our Off-Net tiered providers. This is useful to not
pay multiple realm setup fees for using these numbers.
- Q. I need to set up more realms than the one I had on my order
form. Can I do this myself?
- A. Yes, as found in the BACK-OFFICE section of this FAQ, when
logged in to the back-office as your MasterRealm, you can
go through the "Realm Functions" to add a Realm. See BACK-OFFICE
section for more help.
- Q. I want to set up a new MasterRealm (account) as a realm that is
already on another MasterRealm. What is the procedure?
- A. A disconnect must be sent by the current MasterRealm; however,
the new order must be placed before the disconnect. Please
read the following questions which explain the process in
more detail.
- Q. How do I disconnect a Realm from my account?
- A. All Realm disconnections must be submitted through the
back-office. As explained in the BACK-OFFICE section of
this FAQ, submit the "Remove a Realm" form from the
Back-Office. Once this form is completed and received,
we will review the request, and once approved, we will
remove the Realm from your account.
(Again, read the BACK-OFFICE section of this FAQ for more
detailed instructions.)
* DEPENDING ON BILLING METHOD, A REALM MAY NOT BE RELEASED
UNTIL THE COMPLETION OF YOUR CURRENT BILLING CYCLE *
- Q. I want to disconnect a realm so that it can be reregistered
with GlobalPOPs on another account. How is this done?
- A. First, the MasterRealm that wishes to
receive the transfer of the realm(s) must email
support@globalpops.com explaining that they expect realm(s) (list these in the email)
to be disconnected from the GlobalPOPs network and the request to reconnect the
specific realm(s) once GlobalPOPs has approved the disconnect.
Then, a disconnect request must be made. For this please read
the previous question or see the BACK-OFFICE section of this
FAQ.
Example:
MasterRealm "a" has realm "xxx". MasterRealm "b" is
taking realm "xxx". MasterRealm "b" must email
support@globalpops.com explaining that realm "xxx" is
to be disconnected and MasterRealm "b" would like to
receive realm "xxx" once this is complete.
MasterRealm "a" must submit the disconnect for realm
"xxx" and the transfer will complete.
* THIS PROCEDURE MUST BE DONE EVEN IF THE BOTH TRANSFERRING
MASTERREALMS ARE YOUR ACCOUNTS. *
* WE WILL RECONNECT A TRANSFERRED REALM TO THE NEW
MASTERREALM THAT FIRSTS REQUESTS THE RECEIPT *
- Q. Is there any way to circumvent registering each realm with the
Off-Net providers?
- A. Yes, we have registered the realm 1dial.com with all SubRealms
as explained in the previous questions. This means that
a user can dial into a Qwest number as
username@realm.1dial.com and we will receive the request.
When our RADIUS sees 1dial.com, it strips that suffix and
handles the request as username@realm. This is available
to use for anyone. Again, authenticating on the Off-Net
numbers will only work if you are subscribed to the
enhanced network.
V. EMAIL
- Hosted
- Your Mail Server
- Mail Server Rejects Sending
- Alternative
- Q. I want to use your Hosted Email Solution. How does it work?
- A. Our Hosted Email Solution is a POP and SMTP server available
for our Hosted RADIUS Solution customers. In order to
enable this, the following circumstances must
be met:
- You must subscribe to our Hosted RADIUS Solution.
- The domain to use must reside in our DNS. Contact your
registrar to make the name servers for the domain to be:
- ns1.super-dns.com
- ns2.super-dns.com
- There is a $5/month fee to have the domain reside in
our DNS.
- Customers must authenticate to the POP/SMTP server.
We do not relay by IP on this server, and since we host
the customer base, they must use their login
(username@realm/password) to communicate with the server.
- We employ the use of SPF's (Spam Protection Filters) on all Hosted Email Realms. These are
in place for added security, only allowing mail to be delivered from our mail server, i.e. the MX record of your hosted
domain.
- Q. I want to use my own email servers. Are there any issues or
configurations of which I should be aware?
- A. Yes, as mentioned in the Connectivity section, port 25 (SMTP)
is generally blocked across the network. In order to
guarantee data movement through this port, the authenticating
RADIUS must send multiple Ascend-Data-Filter attributes* to
open port 25 for the desired mail server(s). To test if port
25 is open on a connection, try to telnet to the desired
server on port 25.
**We cannot escalate any email issues if
Ascend-Data-Filters are not sent properly**
*The syntax for the Ascend-Data-Filter attributes:
Ascend-Data-Filter = ip in forward tcp est
Ascend-Data-Filter = ip in forward dstip x.x.x.0/24
Ascend-Data-Filter = ip in drop tcp dstport = 25
Ascend-Data-Filter = ip in forward
Where x.x.x.0 is the block in which your mail server(s)
reside. If you are only using one mail server, we suggest
using the one IP of the mail server followed by /32.*
- Q. I can telnet to port 25 of my mail server, but still cannot get a
message to leave. It does not bounce back, it simply does not
make it to our mail server. Do I need to do something else?
- A. Opening port 25 by means of RADIUS attributes is only the first
step for outgoing mail. Your mail server should be either
configured to relay by IP or authenticate the user attempting
to send. If you use the authentication method, please check your
mail server's error logs to assess why the mail will not send.
If your server relays by IP, then you will need to import our IP
list which is updated every day.
This list is located at http://login2.us/octets.txt.
- Q. The IP list you provide seems to have many more IP's than my
users ever receive. What are all of these IP's and can I
get a localized version of this list?
- A. The IP list at http://login2.us/octets.txt is a full list of
the IP block which are available across the nation from
our modem pools. We do not record localized versions of this
list. If you do not prefer the idea of allowing relays from
this entire list, we suggest configuring your mail server(s)
to authenticate users trying to send.
VI. NEWS
- Q. GobalPOPs offers news service. How do I use this?
- A. First, you must subscribe to our Outsourced News Service. This
is done by paying for news server ports. The amount of
simultaneous connections to our news server (news.1dial.com)
is how much you are purchasing. You will have to set up your
news client to authenticate with the same username/password
used for the connection. Our news server will send an
authentication request to the authoritative RADIUS server(s)
of the realm used. This RADIUS request is an auth-only
request. No accounting packets will follow. The
authoritative RADIUS will need to be able to accept a request
while that user is logged on.
VII. BILLING
- Ad-Base Systems
- Pay In Advance
- Advanced Invoicing
- Service Changes
- Q. Who is Ad-Base Systems and what is their history?
- A. Ad-Base Systems is an internet and computer related billing
company. We use this company for our billing purposes. Payments
for our services will be charged by or paid to Ad-Base Systems.
More information on Ad-Base Systems is available at
http://adbasesystems.com/.
- Q. I have been told that all services are pay in advance. How does
GlobalPOPs execute this?
- A. This varies depending on the services purchased. Some services
have static pricing which are the same every billing cycle.
Other services need to be calculated at the end of your
billing cycle.
- The three static priced services are:
- Purchasing a fixed amount of ports
- Purchasing Outsourced News Service
- Keeping a domain in our DNS
These services are billed on the first day of your
billing cycle and pay for the billing cycle you are entering.
Example: Your billing date is the 5th of each month. If you
subscribe to any of these three static rates, you will be
billed on 9/5 for the service covering 9/5 - 10/5.
- All other GlobalPOPs' services are calculated at the end of
your billing cycle. These currently include:
- All per user accounts
- All per hour accounts
- Hosted RADIUS/email charges
Since the usage of these services need to be
calculated at the end of your billing cycle, we require a
deposit on hand for your maximum potential usage. This is
how we make you of a pre-pay method for these services.
Example: Your billing date is the 5th of each month. If
you subscribe to any of these dynamic rates, the actual
usage will for 9/5 - 10/5 will be billed on 10/5. At the
same time, a deposit must be on hand with us for your
current usage in the past 30 days. In more detail, on any
given day, we may post an invoice to increase the deposit
on hand to match the usage for a month ending that given
day.
You can view all deposits on hand with GlobalPOPs and
all of the invoices on your account at any time through the
Back-Office as explained in more detail in the BACK-OFFICE
section of this FAQ.
- Q. I just received an invoice that shows a service period starting
approximately one month from today. Why are you invoicing
a month in the future?
- A. Our primary billing methods are credit/debit card. Or automatic
withdrawals from checking accounts using bank routing and
your checking account number. We can also email invoices.
If you are set to receive your invoices by email and you
have a static rate, we will send out your following billing
cycle's invoice one month early. This is done to give you
the time to get payment to us by the time that invoiced
billing cycle starts.
- Q. I plan to change my services in the middle of my billing cycle.
How will GlobalPOPs handle this?
- A. All services can be prorated in the case that your account is
changing during your billing cycle. If the service changing
is a static rate, we will close out the rate for all
invoiced periods, then we will post the new rate for those
specific days. This proration is for the amount of days of
the service at the price of 1/30 the regular rate.
On the dynamic (calculated after) services, we will use the
same rate proration and close-out the rate on the day
requested. From there, we will have to wait until the end
of the new cycle to calculate the usage at that point. At
the same time, a static to dynamic rate change or vice versa
will cause us to use the respective closing and re-billing
technique.
VIII. BACK-OFFICE
- What is it?
- Master Realm Login
- Extra Logins
- Account Changes
- Failed Logins
- Q. What is GlobalPOPs' Back-Office?
- A. Our Back-Office located at http://loginto.us is a website used
to make some account changes, view reports for your account,
and retrieve extended network information.
- Q. When I go to http://loginto.us, I get a login style page.
What username and password do I enter?
- A. When you create an account with GlobalPOPs we send you a
welcome letter with a username and password. This is the
login used to access your MasterRealm. You can also create
logins for the Back-Office which go directly to one of your
realms. Again by entering the username and password of your
MasterRealm (received in welcome email), you will access
you main account. By entering the username and password
you have created for one of your realms you will bypass the
main account information (showing all realms) and view only
information of the distinct realm you have entered. Read the
following questions for adding these logins.
*To access one distinct realm of yours once you have logged
in to the MasterRealm, click "Choose a Realm" from the menu
on the left. Now, in the right frame, you have a list of
characters and a link for "Show All". By clicking on one of
the single characters, you will list all realms in your account
starting with that character. By clicking "Show All", you
will list all of the realms currently under your account.*
- Q. GlobalPOPs has explained in different situations to log in to the
Back-Office as my MasterRealm or other times, as the distinct
realm with which I need to work. How is this accomplished
properly, and what is the distinction?
- A. As the REALMS section of this FAQ explains the distinction, your
MasterRealm is your account identifier. There is only one
username and password to log in as your MasterRealm, this was
originally sent in the welcome email. You can log into one of
the authenticating realms under your MasterRealm by two
different methods:
- Log in to the Back-Office as your MasterRealm.
Click "Choose a Realm". Now, in the right frame, you
have a list of characters and a link for "Show All".
By clicking on one of the single characters, you will
list all realms in your account starting with that
character. By clicking "Show All", you will list all of
the realms currently under your account.
- Create a login for the distinct realm (explained in
the following questions), now enter that username and
password at the login screen of the Back-Office.
Doing either of these will have you "logged in" as the distinct
realm under your MasterRealm.
- Q. What account changes can I make through the Back-Office?
- A. Through the Back-Office you can:
- add new realms for authentication
- submit requests to remove authenticating realms
- create additional Back-Office logins
- remove additional Back-Office logins
- customize the view for additional logins
- add users --------------------------- (Hosted RADIUS only)
- edit users -------------------------- (Hosted RADIUS only)
- deactivate (delete) users ----------- (Hosted RADIUS only)
- reactivate users -------------------- (Hosted RADIUS only)
- add email access for users --------- (Hosted RADIUS only)
- remove email access from users ----- (Hosted RADIUS only)
- update contact information
- TO CREATE A NEW REALM TO AUTHENTICATE THROUGH YOUR ACCOUNT:
Log in to the Back-Office as your using the MasterRealm
username and password you received in your welcome email.
On the left menu, click "Realm Functions", then click
"Add a Realm" in the "Realm Functions" submenu. In the
right frame, the "Add a Child Realm" page will appear.
In the field for "Child Realm Name" enter the new realm
you would like to register and click "Add Child Realm".
You should see the top of the table now explains that the
new realm has been added.
*If the header of the table displays "ERROR: That Child Realm
Name is Already In Use." then the realm already exists on
an account. You must then go through the process of removing
the realm from the account on which it currently resides and
have it transferred to the account you choose.
Please review the disconnect/transfer processes explained
in the REALM section of this FAQ.*
- TO REMOVE A REALM FROM AUTHENTICATING THROUGH YOUR ACCOUNT:
Log in to the Back-Office using the MasterRealm username and
password you received in your Welcome to GlobalPOPs email.
On the left menu, click "Realm Functions", then click
"Remove a Realm" in the "Realm Functions" submenu.
Now a new form has appeared in the frame on the right.
Type the password used to log in the Back-Office as your
MasterRealm in the "Master Realm Password" field. Next,
select the realm you wish to have removed from the
"Realm to Remove" drop-down list. Now, for the last
field "Enter Your Email Address for a Removal Reply", type
an email address to which we can send confirmation once the
removal is complete. Finally click the "Submit Information"
button below the table. Once the form posts, you should see
the header of the table displays "Your e-mail has been
successfully submitted. Your Realm is Being Reviewed for
Disconnection." As explained in the REALMS section of this
FAQ, we will then review the realm for billable usage and
authorization of the removal. Once the realm clears this
review (sometimes same day, but up to next billing cycle),
we will remove the realm from authenticating through your
account.
*If the heading of the table displays "Master Realm Name and
Password Did Not Match. You Cannot Remove a Subrealm Without
Your Master Realm Name and Password.", please resubmit the
form with the correct password. If you do not have this, you
should contact your administrators first, then if necessary
your sales representative.
- TO CREATE ADDITIONAL BACK-OFFICE LOGINS:
You will be creating a new username and password with which
you will be able to log into our Back-Office directly into a
realm. This login will be used to bypass the MasterRealm
login, therefore preventing your customers or employees from
seeing some of the MasterRealm's information pertaining to
billing and securities. To create this new login:
Log in to the Back-Office using the MasterRealm username and
password you received in your Welcome to GlobalPOPs email.
On the left menu, click "Realm Functions", then click
"Add Login for Realm" in the "Realm Functions" submenu.
In this table you will start with the "Login" field;
type the new username for access. In the "Child Realm"
field, select from the drop-down list, the realm to which this
new login will have direct access. The type a new password
in both the "Password" and "Re-Type Password" fields.
Finally click the "Add Child Realm Username/Password" button.
You should see the top of the table now explains that the
new login has been added.
*If the header of the table displays "Username [new user name]
has already been taken." then you must submit the form with
a different username.*
- TO REMOVE ONE OF YOUR ADDITIONAL REALM LOGINS:
Log in to the Back-Office using the MasterRealm username and
password you received in your Welcome to GlobalPOPs email.
On the left menu, click "Realm Functions", then click
"Remove a Realm Login" in the "Realm Functions" submenu.
You will see a table in the right frame displaying
"Select a Login to Deactivate". By simply clicking on
a username listed as a hyperlink, you will instantly remove
the ability for that username and corresponding password to
access our Back-Office.
*If the right frame displays "No Child Realm Logins found
for [your MasterRealm]" then you have no additional
Back-Office logins created under your MasterRealm (See
previous question for help adding logins).*
- TO CUSTOMIZE THE VIEW FOR YOUR ADDITIONAL REALM LOGINS:
Log in to the Back-Office as your MasterRealm, then click
"Realm Config" on the left menu. A submenu of "Realm Config"
now appears. Click "Single Update" to change the settings of
only one of your realms, or click "Batch Update" to change the
settings of multiple realms.
If you click "Single Update", you will see a list of
current realms in your account in the right frame. Next click
on the realm for which you would like to alter the settings.
Now, review the settings which you can change and set all of
the radio style buttons to "Yes" or "No" according to your
preference. Finally, click the "Update Child Realm
Configuration" button to complete the process.
If you click "Batch Update", the frame on the right will
have at the top "Check Each Child Realm to Configure". You
can check all of the realms you would like to affect or check
"Update All" to change all of your realms according to how you
fill out the rest of the form. Now, review the settings which
you can change and set all of the radio style buttons to "Yes"
or "No" according to your preference. Finally, click the
"Update Child Realm Configuration" button to complete the
process.
- TO ADD USERS ON YOUR HOSTED RADIUS ACCOUNT:
Log in to the Back-Office as the realm on which you would like
to add a user. On the left-hand menu, click "Manage
Customers". You will now see a submenu under "Manage
Customers". Now click "Add User" from that submenu. The top
of the table on the right-side frame now displays "You are
choosing to Add a User". Now type the new username in the
"Username" field. Next type the password for this new user
in the "Password" and "Re-Type Password" fields. If you have
Hosted Email services with GlobalPOPs you can choose to
activate this new user's first email account by changing the
"Email Active?" drop-down to "Yes". If you do not have Hosted
Email with us, then you will not have the option of choosing
"Yes" for this field. Finally click "Add User". Once this
form submits you should see the successful addition results
displayed.
*If you receive an error that the username already exists,
correct the chosen username and resubmit the form or use the
search customer link (explained in following questions about
editing user accounts) to see the customer already exists.*
- TO EDIT USERS ON YOUR HOSTED RADIUS ACCOUNT:
Log in to the Back-Office as the realm on which the customer
exists. Click "Manage Customers" from the left menu and you
will extend submenu. Now, in the "Manage Customers" submenu,
click "Search Customers". In the right-hand frame, type the
beginning of or complete username of the account you need to
alter. You can leave this field blank to find all customers.
Click "Search" and you will receive a list of usernames
matching your search criteria. Next click on the username
of the account which you are going to change. You will now
be viewing the "User Info" page. Under the "Customer Options"
section, click the "edit" button. You will now see the "Edit
Customer Information" table. Make any changes necessary to
the username and/or password and click the "Update Customer
Information" button. Once this form submits, you will see
confirmation of your changes.
- TO DEACTIVATE (DELETE)* USERS FROM YOUR HOSTED RADIUS ACCOUNT:
Log in to the Back-Office as the realm on which the customer
exists. Click "Manage Customers" from the left menu and you
will extend submenu. Now, in the "Manage Customers" submenu,
click "Search Customers". In the right-hand frame, type the
beginning of or complete username of the account you need to
alter. You can leave this field blank to find all customers.
Click "Search" and you will receive a list of usernames
matching your search criteria. Next click on the username
of the account which you are going to change. You will now
be viewing the "User Info" page. Now click the "Deactivate"
button. You will now see "You are choosing to Deactivate a
User", to continue deactivating this user, click the
"Deactivate User" button towards the bottom. You will then
receive confirmation that the user has been deactivated.
*This will not delete the customer from our database. We
manually run deletions of the deactivated users after they
remain deactivated past two billing cycles.*
- TO REACTIVATE USERS ON YOUR HOSTED RADIUS ACCOUNT:
Log in to the Back-Office as the realm on which the customer
exists and is deactivated*. Click "Manage Customers" from the
left menu and you will extend submenu. Now, in the "Manage
Customers" submenu, click "Search Customers". In the
right-hand frame, type the beginning of or complete username of
the account you need to reactivate. You can leave this field
blank to find all customers. Click "Search" and you will
receive a list of usernames matching your search criteria.
Next click on the username of the account which you are going
to reactivate. You will now be viewing the "User Info" page.
Now click the "Reactivate" button. You will now see the
"You are choosing to Re-Activate a User" screen. Click the
"Re-Activate Customer" button. Once the form has submitted,
you will see a confirmation page and the account will be
active once again.
*You can only reactivate customers that have an inactive status
(displayed as DEACT|username). If the customer does not exist
anymore, we have removed them from the system for a prolonged
period of being inactive. In this case follow the instructions
to create a new user.*
- TO ADD EMAIL ACCESS FOR A USER (HOSTED RADIUS ACCOUNT):
- .If the customer does not exist yet, follow the process of
adding a new user making sure that you select "Yes" for
the "Email Active?" field.
- .If the customer already exists, log in to the Back-Office
as the realm under which the customer exists. Click
"Manage Customers" from the left menu and you will have
a submenu extend. Now, in that submenu, click
"Search Customers". In the right-hand frame, type the
beginning of or complete username of the account you
need to alter. You can leave this field blank to find
all customers. Click "Search" and you will receive a
list of usernames matching your search criteria. Next
click on the username of the account which you are going
to change. You will now be viewing the "User Info" page.
Under the "Email Information" section, click the "enable"
button. At the end of the "Primary" row. This will
add the email account to our mail server for you/your
customer's use.
- TO REMOVE EMAIL ACCESS FROM A USER (HOSTED RADIUS ACCOUNT):
Log in to the Back-Office as the realm on which the customer
exists. Click "Manage Customers" from the left menu and you
will extend a submenu. Now, in the "Manage Customers" submenu,
click "Search Customers". In the right-hand frame, type the
beginning of or complete username of the account you need to
alter. You can leave this field blank to find all customers.
Click "Search" and you will receive a list of usernames
matching your search criteria. Next click on the username
of the account which you are going to change. You will now
be viewing the "User Info" page. Under the "Email Information"
section, click the "disable" link at the end of the row of the
email account you want to disable. This will disable and delete
the email account listed.
- TO UPDATE CONTACT INFORMATION FOR YOUR ACCOUNT:
Log in to the Back-Office as your MasterRealm. On the left
menu, click "Contact Info". In the "Contact Info" submenu,
click the "Update Contact Info" link. You will now see the
"Update Contact Info" table on the right. The first section
is for "Administrative Contact". Make any necessary changes to
this part to confirm that the information is current and
correct. Next is the "Technical Contact" section. Here, you
can click the check box to set the "Technical Contact" the same
as the "Administrative Contact"; otherwise, make any necessary
changes to this part to confirm that the information is current
and correct. Lastly is the "Billing Contact" section. Here
you can check the first box to set the "Billing Contact" the
same as the "Administrative Contact", check the second box to
set the "Billing Contact" the same as the "Technical Contact",
or make any necessary changes to this part to confirm that the
information is current and correct. Finally click the "Submit
Contact Information" button and once the form posts you will
see confirmation of your changes.
- Q. What are and how do I interpret the failed logins report?
- A. The failed logins report available in the back office, reports any connection attempt
for which we returned a denial. On the menu in the Back-Office, once you click on failed
logins you can choose to view the report for the current past hour, or for the current
past 24 hours. Only the PROXIED error will pass to the authenticating RADIUS
file for the realm. For all of the other errors documented, we automatically send a
denial to the NAS without contacting the authing RADIUS.
When you find the reason, click on it to view the definition of the
blocking as explained below :
- PROXIED
- INACTIVE REALM
- REALM NOT ENHANCED
- MASTER REALM OUT OF PORTS
- DEACTIVATED NUMBER
- BLACKLISTED
- OVER LIMIT ON HOURS
- EXCEEDS USER SESSION LIMIT
- EMPTY PASSWORD
- SQL PROXY RADIUS FAILED
- PROXIED :
Definition : The PROXIED error is generated by a denial being returned to us by the
authenticating servers set for that specific realm. If you use our hosted RADIUS solution
for the realm in question, the PROXIED error is the result of an improper
username/password combination.
Example : We receive a request for a specific user. We pass the request to the server(s)
on file for that child realm. We received a denial from the server to which we just passed
the request.
Resolution : Check your error logs on the server for the realm of the failing user.
- INACTIVE REALM :
Definition : The INACTIVE REALM error is generated when the realm of a username exists; however,
is not active in our system. This is most likely caused by the MasterRealm being suspended; however,
this may be set by choice of the MasterRealm to block these users.
Example : We receive a request for a specific user. We see the realm is set as inactive due to
choice or suspension. The end user will receive an authentication error and we will record the
failed attempt.
Resolution : Contact GlobalPOPs to reinstate your account or turn the inactive realm back to active.
- REALM NOT ENHANCED :
Definition : The REALM NOT ENHANCED error is generated when a user not subscribe to our off-net
numbers attempts connection to a number that is off-net.
Example : We receive a request for a specific user. We see that the user dialed into the NAS
using an off-net number; however, the user's realm does not subscribe to our off-net numbers.
The end user will receive an authentication error and we will record the failed attempt.
Resolution : Contact your ales rep to purchase services available to use off-net numbers; otherwise,
search our locators for another number that is local for the user and on-net.
- MASTER REALM OUT OF PORTS :
Definition : The MASTER REALM OUT OF PORTS error is generated when we receive a connection request
for a realm; however, the total amount of concurrent connections for the MasterRealm matches or
surpasses the purchased amount of ports.
Example : We receive a request for a specific user. We see that the MasterRealm of the
username's realm purchases a total of 80 ports. We then check and see that currently 80 or more
users are connected for this MasterRealm. The end user will receive an authentication error
and we will record the failed attempt.
Resolution : Go to our
Orders Page, log in
as your MasterRealm if necessary. Go to, fill out, and submit the change port quantity order form.
- DEACTIVATED NUMBER :
Definition : The DEACTIVATED error is generated when a user dials into a number that we have
deactivated.
Example : We receive a request for a specific user. The access number this user dialed to
connect to the NAS is marked as deactivated in our database. The end user will receive an
authentication error, and we will record the failed login attempt under DEACTIVATED NUMBER.
Resolution : If we are not publishing the claimed deactivated number, find a new number and
have your user attempt connection through the new number. If the number is published in our
locator, start a trouble ticket on the non-working number.
- BLACKLISTED :
Definition : The BLACKLISTED error is generated when a user attempts to connect and they are
in our BLACKLIST.
Example : We receive a request for a specific user. If we find the user including realm match
or the callerid of the connection attempt in our blacklist the user will receive an authentication
error and we will record the BLACKLIST error.
Resolution : Check the complaint(s) sent to your trouble ticket contacts. Contact your
end user and fix the issue that they are causing. If needed contact GlobalPOPs when removal
from the blacklist is justified.
- OVER LIMIT ON HOURS :
Definition : The OVER LIMIT ON HOURS error is generated when a user attempts to connect and
is over their hourly limit. The hourly limit pertains to a rolling month ending now.
Example : We receive a request for a specific user. We see that the user attempting connection
has 250 hours accumulated in a 30 day period ending at the time of this connection attempt.
If the realm is set to a number less than 250, the user will receive an authentication error
and we will record the error in the Back-Office.
Resolution : Contact your sales rep to purchased a service that will allow more/unlimited time
to your users, create another account for the user, have the user wait to attempt connection until
their total used time in the rolling month has dropped below their limit.
- EXCEEDS USER SESSION LIMIT :
Definition : The EXCEEDS USER SESSION LIMIT error is generated when two requirements are met :
- The user has proven to be an "abuser" of our
ghosting policy.
- The user is attempting to connect while we believe they may still be online.
This is explained in more detail in our Ghosting Policy section of the FAQ.
The users will receive an authentication error and we will record the failed attempt.
Example : We receive a request for a specific user. We see that we have not yet received
the stop packet from an earlier connection of the same user. We then see that the user is marked
as an abuser because of five 20 minute simultaneous periods. The user will receive an authentication
error and we will record the failed attempt.
Resolution : Contact your customer and explain to them they have been connecting simultaneously,
and until the time passes that they are no longer marked as an abuser (up to 30 days),
they may have to wait until the 8 hours from the connection time before they can reconnect.
- EMPTY PASSWORD :
Definition : The EMPTY PASSWORD error is generated when our RADIUS receives a blank value
as the password in the request from the connecting NAS.
Example : We receive a request for a specific user. The user's dialer did not send a
password to the NAS. We record the error and send the denial to the NAS. The dialing user
then receives an authentication error.
Resolution : Test the connection attempted by the end user that received the error making
sure to clear out and re-type the password completely fresh in the dialer. If the connection attempt results in
another empty password error, start a ticket at
http://tickets.globalpops.com (the NAS may be causing the issue).
If the connection is successful on this attempt, have your end user restart their machine, completely
remove the password and re-type the password in their dialer. Sometimes WinXP shows the circles
(wildcard character) in the password filed, but does not transmit anything. If this does not
resolve the issue, have the end user find all pwl files and delete them, restart their machine,
and again recreate the password in the dialer field. Sometimes Win98 corrupts the pwl (password list)
files and causes the password to be no longer valid.
- SQL PROXY RADIUS FAILED :
Definition : The SQL PROXY RADIUS FAILED error is generated when we deny a user
due to unresponsiveness of the authing RADIUS server(s) for that realm. After unsuccessfully
attempting contact with the authing RADIUS servers, we will also use a cached user/password
list and the failure policy configured for the realm..
Example : We receive a request for a specific user. We pass the request to the primary auth server
on file for that child realm. If we do not receive a response within the time set for that realm,
we will send the request to the secondary auth server on account for that realm. Again, if
we do not receive a response within the time set for that realm, we move on. Next we compare the
attempt with the
CACHED USERS LIST. If we have never had the username entered
into the list, we will (as final resort) check the FAILURE POLICY set on that realm. Each of
these processes will only be useable if the NAS has allowed us enough time to get through each process.
If the failure policy returns a denial or the NAS does not give us enough time to complete all of
these procedures and we still have not received the proper answer for the request, we will mark the
errored attempt as SQL PROXY RADIUS FAILED. Commonly the end user dialing would receive an unresponsive
server error.
Resolution : Determine if your servers are responding for any attempts from us.
If it is, check to see what attributes are being sent and what is different about the users failing and
the users that can connect. Most often this is caused by issues on the auth server(s) we have on file
for the realm. If you can pinpoint the issue, start a ticket with the information you have assessed.
IX. POLICIES & EXTRAS
X. CDR Data
- Setup
- Accessing .CDR Files
- Column Names
- Update Frequency
- Q. I want access to raw accounting data. Is this what I'm looking for?
-
A. If you are looking for raw accounting data, then this is for you. While this is not the entire accounting packet that we receive, it is close to it. Some fields, like Ascend Data Fields, have been omitted; they are either not useful or are not reliable (Ascend data fields are not filled in when the equipment at the NAS is not Ascend equipment.)
To set this up, you simply need to be logged in as a Parent / Master Realm. Click the "CDR" option on the Menu. When the frame is finished loading, you should see a message in the middle frame that begins "Your Account, [master realm], is not set up to have CDR (Call Data Record) files...". Just click the "Click Here" link and your account
will be set up to have .CDR files generated.
- Q. Ok. I've Signed Up for the .CDR Files. How do I Get Them?
-
A. There are two main ways to get your .CDR data. The first would be to write a script that will make a link available to download the data. The format for the URL is as follows:
http://cdr.loginto.us/[realmID]/[realmID]-[mm][dd][yyyy].zip
Each zip file is password protected with your Parent Account password. (The same password that the parent account uses to log into the BackOffice, except that the password is LOWER CASE ONLY)
The second way (and probably easier) is to log into the BackOffice, click "CDR" from the menu on the left, and click "view a listing of your CDR folder". The listing that shows up is
all of the zipped .cdr files in your folder. Also included is the date the file was created and its approximate size.
- Q. Wow. There is a lot of Accounting Data packed Into the Files. What does each column mean?
-
A. The following columns are pulled from the database and put into the .CDR files:
Login - Time the User logged in. This is in Eastern Time.
Logout - Time the User logged out. This is in Eastern Time
UserName - Username of user logged in.
Realm - The Realm of the User logged in.
MasterRealm - Parent/Master Realm of the User logged in.
Rate Center - Rate Center of the Access Number called by the user.
State - State Abbreviation of the Access Number dialed by the user.
CallerID - CallerID of the Access Number dialed by the user. This will be in 7 or 10 digit format.
Access Number - Access Number dialed by the user. This is the full 10 digit number dialed.
Reported DNIS - The actual number dialed by the user.
FramedAddress - IP address of the user dialed in.
Session Time - The amount of time, in seconds, that the user spent online in this session.
NAS IP Address - IP Address of the NAS.
NAS ID - Identifier of the NAS.
NAS Port - Port that the user dialed into the NAS on.
Session-ID - Session ID of the call.
User Service - Type of service the user connects to the NAS with. (Admin, Framed-User, ISDN-User, Outbound-User, Shell or Telnet)
Framed Protocol - Type of Protocol used when the user connects.
Input Octets - Amount of data uploaded by the user.
Output Octets - Amount of data downloaded by the user.
NAS Port Type - Type of Port (Sync, Async, etc.)
Link Count - The count of connections that are known in a given multilink session at the time the accounting record is generated.
Multi-Session Id - If a multi-session exists, this is the identifier.
- Q. Alrighty. I understand most things up to this point. How often is this information created?
-
A. This information is created everyday at 5:00 AM Eastern Time. If your Parent Account is invalid for any reason when this information is being compiled, your folder
containing .CDR data will be deleted. Currently, this data is archived for 30 days. However, this may change to 15 days if drive space starts to become limited.