From owner-freebsd-isp Fri Feb 21 15: 8:22 2003 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 1BE7D37B401 for ; Fri, 21 Feb 2003 15:08:21 -0800 (PST) Received: from zephir.primus.ca (mail.tor.primus.ca [216.254.136.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 40D9143FAF for ; Fri, 21 Feb 2003 15:08:20 -0800 (PST) (envelope-from leth@lethargic.dyndns.org) Received: from dialin-154-68.tor.primus.ca ([216.254.154.68] helo=lethargic.dyndns.org) by zephir.primus.ca with esmtp (TLSv1:DES-CBC3-SHA:168) (Exim 3.36 #3) id 18mMHB-0000gs-0A; Fri, 21 Feb 2003 18:08:18 -0500 Received: from lethargic.dyndns.org (leth@localhost [127.0.0.1]) by lethargic.dyndns.org (8.12.6/8.12.6) with ESMTP id h1LN8FEG004206; Fri, 21 Feb 2003 18:08:15 -0500 (EST) (envelope-from leth@lethargic.dyndns.org) Received: (from leth@localhost) by lethargic.dyndns.org (8.12.6/8.12.6/Submit) id h1LN8Dwt004205; Fri, 21 Feb 2003 18:08:13 -0500 (EST) Date: Fri, 21 Feb 2003 18:08:12 -0500 From: Jason Hunt To: Manny Obrey Cc: freebsd-isp@FreeBSD.ORG Subject: Re: radius server suggestions Message-ID: <20030221230812.GA4149@lethargic.dyndns.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.4i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Fri, Feb 21, 2003 at 02:31:09PM +0000, Manny Obrey wrote: > > I'd like to get some input on open source radius server packages. > Can anyone suggest which to stay away from and/or which ones are working > for you ? > Anyone care to comment on any of the implementations listed at the > following url ? > > http://www.freeradius.org/related > > GNURadius > OpenRadius > Cistron > XtRadius > ICRadius > > here are some of my requirements: > - robust > - radius server should be able to query a backend ldap server > - also allow me to have an ascii file that would allow me to > allow/disallow users that may be in that file. > > Any hlp apprec. > My personal recommendation is OpenRADIUS with an LDAP directory for holding user attributes and SQL database for holding accounting records. LDAP is suitable for authentication information, simply because the data is not required to be up-to-date at all times. If a user cannot log in for five minutes because his password change did not go replicate yet, that's not a big deal, since it eventually will be replicated. SQL is intended for complex and transaction-based queries, which makes it well suited to store accounting records. RADIUS records the start and stop times of every user, along with various information such as the speed they connected at, what number they dialed from (provided your telco supports passing you this info), what number the user dialed in to (ditto on the telcot thing), the reason they got disconnected (if the hardware they dialed in to supports it), octets sent and receives, etc It is then really easy to create an script for users to login to and view their usage statistics. Also a lot of ISP environments track usage for billing purposes, making this chore very simple. Just my two cents. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message