Date: Thu, 16 Aug 2001 14:13:26 +0100 From: Paul Robinson <paul@akita.co.uk> To: Andrew Reid <andrew.reid@plug.cx> Cc: freebsd-isp@freebsd.org Subject: Re: RADIUS Accounting with SQUID Message-ID: <20010816141325.C19104@jake.akitanet.co.uk> In-Reply-To: <997984620.1446.2253.camel@localhost>; from andrew.reid@plug.cx on Fri, Aug 17, 2001 at 03:27:00AM %2B0930 References: <997919908.1446.1202.camel@localhost> <20010815094331.B12922@jake.akitanet.co.uk> <997984620.1446.2253.camel@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Aug 16, Andrew Reid <andrew.reid@plug.cx> wrote: > Well, we (Glenunga International High School, Adelaide, South Australia) > have written an Internet Quota system to stop students using too much of > our bandwidth. This was a requirement of us getting a nice 11Mbps > Wireless link, as the increased bandwidth would most certainly put us in > the financial poo if it went unchecked. I am assuming that a bandwidth cap would be out of the question, or perhaps even the use of something like dummynet or whatever to do bandwidth 'shaping'? (I love the 'phrase' shaping when used to mean 'restriction'. :) ). > So, we've got something, working and I'm happy. I've decided that I want > to be able to get some more information. Things like per-user MRTG-ish > graphs and the like would be great. Personally, if there was more than just a few students, I'd find this horrendous to look at, but each to their own. :-) > I've not had much to do with RADIUS, but I know that it provides some > accounting functionality. I thought that the two (SQUID and RADIUS) > could be mushed together somehow to provide a slightly more workable > solution to Internet Quota. Well. Hmph. OK, this might be quite awkward. The only way I can think of getting an Accounting-Start is with munging some sort of proxy authentication. However, you will get a start saying 'this kid has just started' but will get no more further information until they de-authenticate, or log-off, thereby causing an accounting-stop which contains all the information like how long they were logged in for, amount of data moved, etc. This is because RADIUS is meant for dial-up work - the fact that people have just managed to make it work elsewhere, particularly for authentication doesn't mean to say it's the best way to handle this sort of thing. The only other thing I can think of is you were doing Rad-acct update packets, but that gets messy. There is a need for this sort of stuff, but in an ISP context, you're going to be able to get it off the RADIUS accounting from the dial-up port. In this context there is a clear start and end to a session. In the situation you're talking about, we're talking more 'hot-desking', and users may share machines, or the end of a session might not be as easily visible to the proxy. The only way I can think of reliably doing this is to take a list of network login/logoff times and your bandwidth figures taken off the switch, or whatever, and consider correlating the two - a Perl script to do this shouldn't be more than an afternoon's work. :-) In fact, I'm relatively new to Squid, but having just looked around the logging it does, you could actually correlate the Squid logs with the user login/logoff logs quite successfully. As to how you then stop a user leeching bandwidth automatically, is another question... You might however want to take a look at: http://www.cineca.it/~nico/squidclients.html ... which I found from digging around some squid mailing lists and web site. If I think of any other way of doing this, I'll post back, but I'm sure there are others around here that will have ideas. -- Paul Robinson ,--------------------------------------- Technical Director @ Akita | A computer lets you make more mistakes PO Box 604, Manchester, M60 3PR | than any other invention with the T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and | Tequila - Mitch Ratcliffe `----- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010816141325.C19104>