From owner-freebsd-isp Thu Aug 16 7:59:15 2001 Delivered-To: freebsd-isp@freebsd.org Received: from guard.polynet.lviv.ua (Guard.PolyNet.Lviv.UA [217.9.2.1]) by hub.freebsd.org (Postfix) with SMTP id DC32E37B40C for ; Thu, 16 Aug 2001 07:59:04 -0700 (PDT) (envelope-from pam@polynet.lviv.ua) Received: (qmail 21162 invoked from network); 16 Aug 2001 14:59:00 -0000 Received: from postoffice.lp.Lviv.ua (HELO polynet.lviv.ua) (192.168.0.6) by 192.168.0.1 with SMTP; 16 Aug 2001 14:59:00 -0000 Received: (qmail 29212 invoked by uid 0); 16 Aug 2001 14:59:00 -0000 Received: (ofmipd ghost.lp.lviv.ua); 16 Aug 2001 14:58:38 -0000 Received: (qmail 4637 invoked by uid 1000); 16 Aug 2001 14:59:00 -0000 Date: 16 Aug 2001 17:59:00 +0300 Message-ID: <20010816175859.E528@polynet.lviv.ua> From: "Adrian Pavlykevych" Mail-Followup-To: freebsd-isp@polynet.lviv.ua To: freebsd-isp@freebsd.org Subject: Re: RADIUS Accounting with SQUID References: <997919908.1446.1202.camel@localhost> <20010815094331.B12922@jake.akitanet.co.uk> <997984620.1446.2253.camel@localhost> <20010816141325.C19104@jake.akitanet.co.uk> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="E39vaYmALEf/7YXx" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010816141325.C19104@jake.akitanet.co.uk>; from paul@akita.co.uk on Thu, Aug 16, 2001 at 02:13:26PM +0100 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --E39vaYmALEf/7YXx Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Thu, Aug 16, 2001 at 02:13:26PM +0100, Paul Robinson wrote: > On Aug 16, Andrew Reid wrote: > > I've not had much to do with RADIUS, but I know that it provides some > > accounting functionality. I thought that the two (SQUID and RADIUS) > > could be mushed together somehow to provide a slightly more workable > > solution to Internet Quota. >=20 > Well. Hmph. OK, this might be quite awkward. The only way I can think of > getting an Accounting-Start is with munging some sort of proxy > authentication. However, you will get a start saying 'this kid has just > started' but will get no more further information until they > de-authenticate, or log-off, thereby causing an accounting-stop which > contains all the information like how long they were logged in for, amount > of data moved, etc. This is because RADIUS is meant for dial-up work - the > fact that people have just managed to make it work elsewhere, particularly > for authentication doesn't mean to say it's the best way to handle this s= ort > of thing. Well, it depends. Squid has no other notion of user session as HTTP session= s (every request or, in case of HTTP 1.1 persistant connection, several req= uests). So, user authentication is done on per connection basis (modulo cac= hing). If we cloud get Squid to call function on every disconnect (same as = access log entry is written), we could get nice sequence of RADIUS accounti= ng Start and Stop packets. =20 > There is a need for this sort of stuff, but in an ISP context, you're goi= ng > to be able to get it off the RADIUS accounting from the dial-up port. In > this context there is a clear start and end to a session. In the situation > you're talking about, we're talking more 'hot-desking', and users may sha= re > machines, or the end of a session might not be as easily visible to the > proxy. You don't have any long living session in Squid, see above. Problems with "= hot-desking" are organizational - same as someone going away from logged in= computer or terminal, and should be handled as such (e.g. administratively= ). Besides, if someone is sloppy or "kind" enough to let others eat his sha= re of network resources, it is his fault and problem. Regards, --=20 Adrian Pavlykevych email: System Administrator phone/fax: +380 (322) 742041 Lviv Polytechnic National University --E39vaYmALEf/7YXx Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iEYEARECAAYFAjt737MACgkQdWQndLibxtDibgCgt7zrbDImrlUkHIfFEJ1xJMdf guEAoI3TQVfllDPRZZ0hpaKT2mHV9Cz8 =CbCZ -----END PGP SIGNATURE----- --E39vaYmALEf/7YXx-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message