From owner-freebsd-isp Sat Oct 7 12:50: 5 2000
Delivered-To: freebsd-isp@freebsd.org
Received: from siafu.iconnect.co.ke (upagraha.iconnect.co.ke [209.198.248.2]) by hub.freebsd.org (Postfix) with ESMTP id 0764D37B503 for ; Sat, 7 Oct 2000 12:49:44 -0700 (PDT)
Received: from wash by siafu.iconnect.co.ke with local (Exim 2.12 #1) id 13hzx7-0007bb-00 for freebsd-isp@freebsd.org; Sat, 7 Oct 2000 22:48:13 +0300
Date: Sat, 7 Oct 2000 22:48:13 +0300
From: Odhiambo Washington
To: freebsd-isp@freebsd.org
Subject: Re: Radius and Accounting
Message-ID: <20001007224813.A29067@siafu.iconnect.co.ke>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
X-Mailer: Mutt http://www.mutt.org/
X-Accept-Language: en fr
X-Editor: Pico http://www.pico.org/
X-Location: Mombasa, Kenya, East Africa
X-Uptime: 10:47PM up 40 days, 11:38, 1 user, load averages: 0.35, 0.26, 0.19
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

* Troy Settle [20001007 22:26]:
=>
=>1. It almost sounds like you've gone and deployed a radius server at every
=>POP. While I'm sure there's plenty of arguments for doing this, you should
=>be aware that a single radius server (even on a 486) can handle many
=>thousands of ports. I can't speak for others, but I know Cistron is
=>reliable enough to trust as a single radius server (though a backup is
=>always a good idea). At the very least, make sure that all your users are
=>in a single user database (/etc/passwd, the users file, whatever), and
=>distribute it among each radius server (they should probably all have the
=>exact same configuration by the time you're done).

I did this yes ;-) for two POPs but we're going to have 2 more POPs and I am
concerned about it. At current we use PortMaster 2E (old stuff!) and Radius
on FreeBSD. I also use proxy radius.
When you have a single radius server and you've got to authenticate from
more than 3 POPs, I thought there would be some concern on authent traffic on
the link btn the POPs. On a single user db, my only worry is that of how I can
merge the info rqd by radius (as in the /etc/raddb/users) into /etc/passwd??
That kinda makes it difficult..

=>
=>In a previous position, we had a secondary radius server. Accounts were
=>created on the primary, then the passwd file was distributed to the
=>secondary by a script that checked for updates every 5 minutes (if a user
=>signs up or changes their password over the phone, they shouldn't have to
=>wait too awful long to use the 'net). I also had a simple script that I ran
=>to copy any changes to the radius configuration itself (clients, users,
=>realms, etc...)

Almost what I am looking for!! Any possibility of sharing those scripts,
please. I must plead because I am not a programmer...I am those network
engineers promoted to sysadmin ;-) but I'm thinking of embracing perl, though
I must swear I need more time.

=>
=>2. Check /usr/ports/net/radreport. It's fairly primitive, but will give
=>you the information you want. If you need something more advanced, I would
=>suggest SQL. A lot of folks have started dumping their accounting data
=>directly into SQL (my radiusd doesn't even think about writing a detail file
=>to disk any more). Having the data in SQL, I can generate reports whenever
=>I like. I can even have a realtime web interface for customers to see how
=>many hours they've spent online and how much data they've transferred.

Now that is superb!! Any HOWTOs towards achieving this??? Howto get radius to
write directly to SQL db?? We have 2 SQL programmers who I believe will
assist with some coaxing...

-Wash

--
Odhiambo Washington   Inter-Connect Ltd.,
wash@iconnect.co.ke   5th Flr Furaha Plaza
Tel: 254 11 222604    Nkrumah Rd.,
Fax: 254 11 222636    PO Box 83613
                      MOMBASA, KENYA.

When all men think alike, no one thinks very much.
                -Walter Lippmann

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
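
The primary-to-secondary distribution script described in the quoted text could look like the sketch below. It is an added example, not code from the thread or from any poster. The state directory, the secondary's host name, the clients/realms paths and the scp+ssh transport are all assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: push RADIUS files to a secondary only when changed.
# Assumed/hypothetical: STATE_DIR, SECONDARY, the clients/realms paths, scp+ssh transport.
umask 077   # the state copies contain credentials, keep them owner-only
STATE_DIR="${STATE_DIR:-/var/db/radsync}"
SECONDARY="${SECONDARY:-radius2.example.net}"   # placeholder host name
FILES="${FILES:-/etc/raddb/users /etc/raddb/clients /etc/raddb/realms}"

# changed FILE: true when FILE differs from the copy saved at the last successful push
changed() {
    ! cmp -s "$1" "$STATE_DIR/$(basename "$1")" 2>/dev/null
}

# sane FILE: heuristic guard, refuse an empty file or one cut off mid-line (caught mid-edit)
sane() {
    [ -s "$1" ] && [ $(tail -c 1 "$1" | wc -l) -eq 1 ]
}

# push FILE: copy under a temporary name, then rename, so radiusd never reads a partial file
push() {
    scp -q -p "$1" "$SECONDARY:$1.new" &&
    ssh "$SECONDARY" "mv '$1.new' '$1'"
}

# sync_once: one pass over FILES; prints each file pushed, returns 1 if any was skipped
sync_once() {
    rc=0
    mkdir -p "$STATE_DIR" || return 1
    for f in $FILES; do
        changed "$f" || continue
        if sane "$f" && push "$f"; then
            cp -p "$f" "$STATE_DIR/$(basename "$f")" && echo "$f"
        else
            echo "skipped $f" >&2; rc=1
        fi
    done
    return $rc
}

# From cron every 5 minutes (hypothetical path): */5 * * * * /usr/local/sbin/radsync.sh --run
if [ "${1:-}" = "--run" ]; then sync_once; fi
```

A file is recorded as synced only after the push succeeds, so a failed transfer is retried on the next run instead of being silently dropped.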