Date: Sat, 7 Oct 2000 15:24:50 -0400 From: "Troy Settle" <troy@psknet.com> To: "Odhiambo Washington" <wash@iconnect.co.ke>, <freebsd-isp@freebsd.org> Subject: RE: Radius and Accounting Message-ID: <BFEGKDHLHDNOJEIHJDBAIEDICAAA.troy@psknet.com> In-Reply-To: <20001007201746.A1451@siafu.iconnect.co.ke>
next in thread | previous in thread | raw e-mail | index | archive | help
1. It almost sounds like you've gone and deployed a radius server at every POP. While I'm sure there's plenty of arguments for doing this, you should be aware that a single radius server (even on a 486) can handle many thousands of ports. I can't speak for others, but I know Cistron is reliable enough to trust as a single radius server (though a backup is always a good idea). At the very least, make sure that all your users are in a single user database (/etc/passwd, the users file, whatever), and distribute it among each radius server (they should probably all have the exact same configuration by the time you're done). In a previous position, we had a secondary radius server. Accounts were created on the primary, then the passwd file was distributed to the secondary by a script that checked for updates every 5 minutes (if a user signs up or changes their password over the phone, they shouldn't have to wait too awful long to use the 'net). I also had a simple script that I ran to copy any changes to the radius configuraiton itself (clients, users, realms, etc...) 2. Check /usr/ports/net/radreport. It's fairly primitive, but will give you the information you want. If you need something more advanced, I would suggest SQL. A lot of folks have started dumping their accounting data directly into SQL (my radiusd doesn't even think about writing a detail file to disk any more). Having the data in SQL, I can generate reports whenever I like. I can even have a realtime web interface for customers to see how many hours they've spent online and how much data they've transferred. -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Odhiambo Washington > Sent: Saturday, October 07, 2000 1:18 PM > To: freebsd-isp@freebsd.org > Subject: Radius and Accounting > > > Hello, > May I please present 2 questions. > > 1. I use RADIUS authentication and I am increasing the POPs. Now suppose I > have POP-a, POP-b upto POP-n. I want clients registered at the different > POPs to be able to login at any other POP using their username and > password. A client from POP-a visits the area where I have POP-b and s/he > should simply change the number to dial and everything should work. > What my question is: Other than Proxy radius, is there any other safer way > of ensuring the user can authenticate at all POPs without hassles? > I am thinking of something like a db file that stores the authentication > details (/etc/raddb/users + /etc/passwd) and this is synchronized between > all the POPs in say, hourly intervals, maybe by rdist or something..I just > have a vague idea ;-) > > 2. Second question. I would like to be able to get the totals of all the > bytes transferred (sent and received) by a client, daily totals as well as > monthly totals. I am not any good in scripting but I have a > feeling there is > some script somewhere, maybe from Lucent or someone, than I can > use to do this. > I know this data can be found in the detail files...only how do I process > it... I just need a pointer. > > Thanks > > -- > Odhiambo Washington > Systems Administrator > Inter-Connect Ltd. > 3rd Flr The Chancery > Valley Rd > PO Box 39519 Nairobi > Tel: 254 2 711140 > Fax: 254 2 718418 > > For every action, there is an equal and opposite criticism. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BFEGKDHLHDNOJEIHJDBAIEDICAAA.troy>