freeradius and dynamic ip allocation

Paul Robinson paul at iconoplex.co.uk
Thu May 29 10:09:27 BST 2003


Again, back to the list for the googlers out there...

On Wed, May 28, 2003 at 05:41:53PM +0100, Robin Garbutt wrote:

> oh, and what sort of logging does xtradius provide?  this is quite

It throws you the accounting and authentication packets and passes them as 
command-line arguments to your script. What you do with them there is your 
voodoo, and only your voodoo. :-)

> important so I know who's logged on, for how long, when they
> disconnected, wrong user names and passwords and possibly what traffic
> they have down/uploaded and sites surfed...is this possible?  I know
> freeradius only offer half this.

Ouch. OK, there are certain things your RAS (which is responsible for 
sending the accounting packets) can tell you and certain things it can't. 
You can certainly grab who is logged in and for how long. You can also 
produce audit trails of when users logged on historically and for how long 
etc. You can of course log wrong usernames/passwords, and the byte count of 
uploads/downloads. If you want to see the sites surfed (why on earth you 
would want to, and in the UK at least it's agains the law unless you're 
acting on behalf of their employer) you're going to need to put a Squid 
reverse proxy (note the reverse) in place and match up IP/time on your 
radius logs with the logs there.

Of course, the easiest way to do that is to give everybody a static IP 
address, and keep your existing config.

I think you need to work out exactly what you want. It might be if you're 
new to RADIUS, XtRADIUS might be overkill for what you want right now, 
unless you need it as part of a bigger system. I suggested it, because for 
me, it rocks. If you *really* need a web front-end and don't want to write 
your own, ICRADIUS comes with one. Other people have made other suggestions. 
I'd still recommend XtRADIUS for anybody with the time to do everything 
exactly the way they want. If you're happy to compromise and just get up and 
running quick, you may want to take a look at this:

http://www.freeradius.org/related/

-- 
Paul Robinson




More information about the Ukfreebsd mailing list