Abstract: A Max Sessions Server (MSS) automatically detects hardware and communications failures. Upon detection, counters are adjusted accordingly to maintain an accurate count of users or groups of users on a system. A database of unique identifiers for each connection is maintained, where the unique identifier is a concatenation of a Network Access Server (NAS) and the connection's incoming NAS node number. If a user requests permission to log into the system, the MSS first checks the database to determine if the unique identifier is already logged in. If so, then a hardware or communications failure has occurred and the MSS must make the appropriate adjustments to the database and counter.

Abstract: A Max Sessions Server (MSS) automatically detects hardware and communications failures. Upon detection, counters are adjusted accordingly to maintain an accurate count of users or groups of users on a system. A database of unique identifiers for each connection is maintained, where the unique identifier is a concatenation of a Network Access Server (NAS) and the connection's incoming NAS node number. If a user requests permission to log into the system, the MSS first checks the database to determine if the unique identifier is already logged in. If so, then a hardware or communications failure has occurred and the MSS must make the appropriate adjustments to the database and counter.

Abstract: A Max Sessions Server (MSS) automatically detects hardware and communications failures. Upon detection, counters are adjusted accordingly to maintain an accurate count of users or groups of users on a system. A database of unique identifiers for each connection is maintained, where the unique identifier is a concatenation of a Network Access Server (NAS) and the connection's incoming NAS node number. If a user requests permission to log into the system, the MSS first checks the database to determine if the unique identifier is already logged in. If so, then a hardware or communications failure has occurred and the MSS must make the appropriate adjustments to the database and counter.

Abstract: A Max Sessions Server (MSS) automatically detects hardware and communications failures. Upon detection, counters are adjusted accordingly to maintain an accurate count of users or groups of users on a system. A database of unique identifiers for each connection is maintained, where the unique identifier is a concatenation of a Network Access Server (NAS) and the connection's incoming NAS node number. If a user requests permission to log into the system, the MSS first checks the database to determine if the unique identifier is already logged in. If so, then a hardware or communications failure has occurred and the MSS must make the appropriate adjustments to the database and counter. Additionally, the MSS or an authentication, authorization and accounting (AAA) server will periodically check to determine if an NAS has ceased communicating over a particular length of time and relay any failures to the MSS.

Abstract: A mechanism for authorizing a data communication session between a client and a first server is disclosed. When a request is received to establish a session with a particular entity that is associated with the client, it is determined whether authorization of the session can be performed locally at a second server. If it is determined that authorization of the session can be performed locally at the second server then, the first server is informed that the session may be established between the client and the first server for the particular entity. A third server that is associated with the particular entity is identified and once the first server is informed that the session may be established, the third server is informed that the session has been authorized to be established for the particular entity. However, if authorization of the session cannot be performed locally at the second server then, the third server is requested to authorize the session between the client and the first server.

Abstract: A method and apparatus for using a session identifier to identify a specific data communications session between an apparatus and an external apparatus is disclosed. When a data communications session is initiated between the apparatus and an external apparatus, the external apparatus sends authenticating information to the apparatus. The apparatus uses the authenticating information to determine the identity and the privileges of the external apparatus for the particular session. A unique session identifier is created by the apparatus, and the session identifier is associated with the external apparatus's identity and privileges. The session identifier is passed between the apparatus and the external apparatus with each subsequent data communication in the session until the session is terminated. The apparatus uses the session identifier received with the data communications to identify the external apparatus and its privileges and allocate resources accordingly.

Abstract: An authorizing apparatus for use with a client that connects to a first server in a network includes a second server that authorizes session requests of the client for the first server. Resource allocation data is available to the second server and indicates whether a session may be established between the client and the first server. The second server has information that associates an entity that is associated with one or more clients, and information that associates the second server to a third server that is authoritative for the second server and the associated clients. When a request to establish a session between the client and the first server is received, the second server determines, based on one of the records that is associated with the client, whether the session may be established when the client is associated with the entity. If not, the second server requests a global authorization server to determine whether a session is allowable.

Abstract: An authorizing apparatus for use with a client that connects to a first server in a network is described. The authorizing apparatus includes a second server that authorizes session requests of the client for the first server. A plurality of records of resource allocation data is coupled with the second server. Each record indicates whether a session may be established between the client and the first server. Coupled to the second server is information that associates an entity that includes and is associated with one or more clients, and information that associates the second server to a third server that is authoritative for the second server and the associated clients. Means are provided for receiving a request to establish a session between the client and the first server and for determining, at the second server, based on one of the records that is associated with the client, whether the session may be established when the client is associated with the entity.

Abstract: A mechanism for performing a disconnect policy involving authorizing a data communication session between a client and a first server is disclosed. The mechanism provides a failover scheme in which local servers record the number of active sessions that they have authorized for a particular user entity. Each user entity is assigned an authoritative server. The authoritative servers maintain global session information for each user entity in which they are assigned. When a local server cannot authorize a session for a particular user entity the local server communicates with the authoritative server to determine whether a session should be established for the user entity. If communication is lost between a local server and an authoritative server, the local server assumes that no other servers have authorized active sessions for the particular user entity. In a similar manner, the authoritative server assumes that the local server has not authorized any active sessions for the particular entity.

Abstract: A mechanism for authorizing a data communication session between a client and a first server is disclosed. When a request is received to establish a session with a particular entity that is associated with the client, it is determined whether authorization of the session can be performed locally at a second server. If it is determined that authorization of the session can be performed locally at the second server then, the first server is informed that the session may be established between the client and the first server for the particular entity. A third server that is associated with the particular entity is identified and once the first server is informed that the session may be established, the third server is informed that the session has been authorized to be established for the particular entity. However, if authorization of the session cannot be performed locally at the second server then, the third server is requested to authorize the session between the client and the first server.