freeradius and dynamic ip allocation
paul at iconoplex.co.uk
Thu May 29 10:09:27 BST 2003
Again, back to the list for the googlers out there...
On Wed, May 28, 2003 at 05:41:53PM +0100, Robin Garbutt wrote:
> oh, and what sort of logging does xtradius provide? this is quite
It throws you the accounting and authentication packets and passes them as
command-line arguments to your script. What you do with them there is your
voodoo, and only your voodoo. :-)
> important so I know who's logged on, for how long, when they
> disconnected, wrong user names and passwords and possibly what traffic
> they have down/uploaded and sites surfed...is this possible? I know
> freeradius only offer half this.
Ouch. OK, there are certain things your RAS (which is responsible for
sending the accounting packets) can tell you and certain things it can't.
You can certainly grab who is logged in and for how long. You can also
produce audit trails of when users logged on historically and for how long
etc. You can of course log wrong usernames/passwords, and the byte count of
uploads/downloads. If you want to see the sites surfed (why on earth you
would want to, and in the UK at least it's agains the law unless you're
acting on behalf of their employer) you're going to need to put a Squid
reverse proxy (note the reverse) in place and match up IP/time on your
radius logs with the logs there.
Of course, the easiest way to do that is to give everybody a static IP
address, and keep your existing config.
I think you need to work out exactly what you want. It might be if you're
new to RADIUS, XtRADIUS might be overkill for what you want right now,
unless you need it as part of a bigger system. I suggested it, because for
me, it rocks. If you *really* need a web front-end and don't want to write
your own, ICRADIUS comes with one. Other people have made other suggestions.
I'd still recommend XtRADIUS for anybody with the time to do everything
exactly the way they want. If you're happy to compromise and just get up and
running quick, you may want to take a look at this:
More information about the Ukfreebsd