Date: Sat, 25 Aug 2001 12:08:05 -0400 From: Paul Chvostek <paul@it.ca> To: "Kermit T. Frog" <kermit@beamans.com> Cc: freebsd-questions@freebsd.org Subject: Re: Freebsd script, or package Message-ID: <20010825120804.C74195@gahch.it.ca> In-Reply-To: <000801c6ad23$c9caa780$0100bac0@kermit>; from kermit@beamans.com on Fri, Jul 21, 2006 at 05:14:19PM -0700 References: <000801c6ad23$c9caa780$0100bac0@kermit>
next in thread | previous in thread | raw e-mail | index | archive | help
"Kicking" a user is a bit problematic, since different terminal servers will require different commands to cut someone off. RADIUS is only an authentication protocol, and doesn't provide for cutoffs except based on session time limits set as part of the authentication process. That said, tsmon is an option. http://www.tsmon.com/ has details. It is commercial software that's been around for *ages*, and presumably works fairly well. It has "ban" functionality among other things. If you want to go for an open source solution, check out the Cistron RADIUS derivatives. ftp://ftp.cheapnet.net/pub/icradius/FAQ has details on one that grabs auth data from a MySQL table. With it, you can assign a maximum session time and total time per user per period of time, so you can for example let a user eat up 40 hours in six hour blocks, and his last call will be given only as many hours of the 40 that are left when he calls. Pretty nifty, but may require some additional setup if your user database already exists in some other format, or is being used for other services like local mail delivery and POP3 authentication which by default work with the local password file. Another option is http://www.xtradius.com/ which is capable of running external scripts for authentication and accounting. With this, you could build a system which locked accounts via whatever means you currently have for doing that from a command line. It would be simple to have the authentication process put a "5 hour lockout" on an account simply by locking the account after a successful authentication then scheduling an unlock with at(1), at "now+5 hours". If you haven't already, you might want to fix the date in your computer. p On Fri, Jul 21, 2006 at 05:14:19PM -0700, Kermit T. Frog wrote: > > Is there any known script or package that you can install, that kicks a user after a certant amount of time being logged in the radius server, and automatically bans them for a certant amount of time, then automatically un bans them? > > Thanks for any help, > Kermit -- Paul Chvostek <paul@it.ca> Operations / Development / Abuse / Whatever vox: +1 416 598-0000 IT Canada http://www.it.ca/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010825120804.C74195>