From owner-freebsd-isp Sat Oct 7 12:24:39 2000 Delivered-To: freebsd-isp@freebsd.org Received: from mail.psknet.com (orion.psknet.com [207.198.61.253]) by hub.freebsd.org (Postfix) with SMTP id 58CB037B502 for ; Sat, 7 Oct 2000 12:24:35 -0700 (PDT) Received: (qmail 50719 invoked from network); 7 Oct 2000 19:24:42 -0000 Received: from arcadia.psknet.com (HELO arcadia) (207.198.61.250) by orion.psknet.com with SMTP; 7 Oct 2000 19:24:42 -0000 From: "Troy Settle" To: "Odhiambo Washington" , Subject: RE: Radius and Accounting Date: Sat, 7 Oct 2000 15:24:50 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) In-Reply-To: <20001007201746.A1451@siafu.iconnect.co.ke> X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Importance: Normal X-AntiVirus: scanned for viruses by AMaViS 0.2.1-pre3 (http://amavis.org/) Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org 1. It almost sounds like you've gone and deployed a radius server at every POP. While I'm sure there's plenty of arguments for doing this, you should be aware that a single radius server (even on a 486) can handle many thousands of ports. I can't speak for others, but I know Cistron is reliable enough to trust as a single radius server (though a backup is always a good idea). At the very least, make sure that all your users are in a single user database (/etc/passwd, the users file, whatever), and distribute it among each radius server (they should probably all have the exact same configuration by the time you're done). In a previous position, we had a secondary radius server. Accounts were created on the primary, then the passwd file was distributed to the secondary by a script that checked for updates every 5 minutes (if a user signs up or changes their password over the phone, they shouldn't have to wait too awful long to use the 'net). I also had a simple script that I ran to copy any changes to the radius configuraiton itself (clients, users, realms, etc...) 2. Check /usr/ports/net/radreport. It's fairly primitive, but will give you the information you want. If you need something more advanced, I would suggest SQL. A lot of folks have started dumping their accounting data directly into SQL (my radiusd doesn't even think about writing a detail file to disk any more). Having the data in SQL, I can generate reports whenever I like. I can even have a realtime web interface for customers to see how many hours they've spent online and how much data they've transferred. -- Troy Settle Pulaski Networks 540.994.4254 It's always a long day, 86400 doesn't fit into a short > -----Original Message----- > From: owner-freebsd-isp@FreeBSD.ORG > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Odhiambo Washington > Sent: Saturday, October 07, 2000 1:18 PM > To: freebsd-isp@freebsd.org > Subject: Radius and Accounting > > > Hello, > May I please present 2 questions. > > 1. I use RADIUS authentication and I am increasing the POPs. Now suppose I > have POP-a, POP-b upto POP-n. I want clients registered at the different > POPs to be able to login at any other POP using their username and > password. A client from POP-a visits the area where I have POP-b and s/he > should simply change the number to dial and everything should work. > What my question is: Other than Proxy radius, is there any other safer way > of ensuring the user can authenticate at all POPs without hassles? > I am thinking of something like a db file that stores the authentication > details (/etc/raddb/users + /etc/passwd) and this is synchronized between > all the POPs in say, hourly intervals, maybe by rdist or something..I just > have a vague idea ;-) > > 2. Second question. I would like to be able to get the totals of all the > bytes transferred (sent and received) by a client, daily totals as well as > monthly totals. I am not any good in scripting but I have a > feeling there is > some script somewhere, maybe from Lucent or someone, than I can > use to do this. > I know this data can be found in the detail files...only how do I process > it... I just need a pointer. > > Thanks > > -- > Odhiambo Washington > Systems Administrator > Inter-Connect Ltd. > 3rd Flr The Chancery > Valley Rd > PO Box 39519 Nairobi > Tel: 254 2 711140 > Fax: 254 2 718418 > > For every action, there is an equal and opposite criticism. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-isp" in the body of the message > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message