Date: 16 Aug 2001 17:59:00 +0300
From: "Adrian Pavlykevych" <pam@polynet.lviv.ua>
To: freebsd-isp@freebsd.org
Subject: Re: RADIUS Accounting with SQUID
Message-ID: <20010816175859.E528@polynet.lviv.ua>
In-Reply-To: <20010816141325.C19104@jake.akitanet.co.uk>; from paul@akita.co.uk on Thu, Aug 16, 2001 at 02:13:26PM +0100
References: <997919908.1446.1202.camel@localhost> <20010815094331.B12922@jake.akitanet.co.uk> <997984620.1446.2253.camel@localhost> <20010816141325.C19104@jake.akitanet.co.uk>

On Thu, Aug 16, 2001 at 02:13:26PM +0100, Paul Robinson wrote:
> On Aug 16, Andrew Reid <andrew.reid@plug.cx> wrote:
> > I've not had much to do with RADIUS, but I know that it provides some
> > accounting functionality. I thought that the two (SQUID and RADIUS)
> > could be mushed together somehow to provide a slightly more workable
> > solution to Internet Quota.
>
> Well. Hmph. OK, this might be quite awkward. The only way I can think of
> getting an Accounting-Start is with munging some sort of proxy
> authentication. However, you will get a start saying 'this kid has just
> started' but will get no more further information until they
> de-authenticate, or log-off, thereby causing an accounting-stop which
> contains all the information like how long they were logged in for, amount
> of data moved, etc. This is because RADIUS is meant for dial-up work - the
> fact that people have just managed to make it work elsewhere, particularly
> for authentication doesn't mean to say it's the best way to handle this sort
> of thing.

Well, it depends. Squid has no other notion of user session as HTTP sessions
(every request or, in case of HTTP 1.1 persistent connection, several
requests). So, user authentication is done on per connection basis (modulo
caching). If we could get Squid to call function on every disconnect (same as
access log entry is written), we could get nice sequence of RADIUS accounting
Start and Stop packets.

> There is a need for this sort of stuff, but in an ISP context, you're going
> to be able to get it off the RADIUS accounting from the dial-up port. In
> this context there is a clear start and end to a session. In the situation
> you're talking about, we're talking more 'hot-desking', and users may share
> machines, or the end of a session might not be as easily visible to the
> proxy.

You don't have any long living session in Squid, see above. Problems with
"hot-desking" are organizational - same as someone going away from logged in
computer or terminal, and should be handled as such (e.g. administratively).
Besides, if someone is sloppy or "kind" enough to let others eat his share of
network resources, it is his fault and problem.

Regards,
-- 
Adrian Pavlykevych                    email: <pam@polynet.lviv.ua>
System Administrator                  phone/fax: +380 (322) 742041
Lviv Polytechnic National University
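
The per-request Start/Stop sequence proposed in the message above, as an added Python example that is not part of the original post and is not Squid code: each access log entry becomes one RFC 2866 Accounting-Request pair, with the request authenticator computed and verified. The shared secret, the NAS-Identifier, the session id scheme and the sample log lines are constructed assumptions, as is reading the authenticated user name from the eighth field of Squid's native access.log.

```python
import hashlib
import hmac
import struct

SECRET = b"constructed-shared-secret"   # assumption: placeholder secret
NAS_ID = b"squid-proxy"                 # assumption: hypothetical NAS-Identifier
# RFC 2865/2866 attribute type numbers
USER_NAME, NAS_IDENTIFIER = 1, 32
ACCT_STATUS_TYPE, ACCT_OUTPUT_OCTETS, ACCT_SESSION_ID, ACCT_SESSION_TIME = 40, 43, 44, 46
START, STOP = 1, 2

def attr(atype, value):
    """Encode one type-length-value attribute; integers become 4 octets."""
    if isinstance(value, int):
        value = struct.pack("!I", value)
    return struct.pack("!BB", atype, len(value) + 2) + value

def acct_request(ident, attrs, secret=SECRET):
    """Build an Accounting-Request (code 4) with its RFC 2866 authenticator."""
    body = b"".join(attrs)
    header = struct.pack("!BBH", 4, ident & 0xFF, 20 + len(body))
    auth = hashlib.md5(header + b"\x00" * 16 + body + secret).digest()
    return header + auth + body

def authenticator_ok(packet, secret=SECRET):
    """Receiver-side check: recompute the MD5 with the authenticator zeroed."""
    expected = hashlib.md5(packet[:4] + b"\x00" * 16 + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def packets_for(line, seq):
    """Turn one access.log entry into a (Start, Stop) packet pair."""
    f = line.split()
    elapsed_ms, size, user = int(f[1]), int(f[4]), f[7]
    if user == "-":
        return None  # no authenticated user on this request: nothing to account
    common = [attr(USER_NAME, user.encode()), attr(NAS_IDENTIFIER, NAS_ID),
              attr(ACCT_SESSION_ID, b"%08x" % seq)]
    start = acct_request(2 * seq, [attr(ACCT_STATUS_TYPE, START)] + common)
    stop = acct_request(2 * seq + 1, [attr(ACCT_STATUS_TYPE, STOP)] + common + [
        attr(ACCT_SESSION_TIME, elapsed_ms // 1000),   # whole seconds
        attr(ACCT_OUTPUT_OCTETS, size)])               # bytes sent to the client
    return start, stop

# Constructed sample lines in Squid's native access.log layout
SAMPLE_LOG = """\
997970339.123 2450 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ alice DIRECT/198.51.100.7 text/html
997970341.500 30 192.0.2.11 TCP_HIT/200 812 GET http://example.com/logo.gif - NONE/- image/gif
"""
PAIRS = [p for i, ln in enumerate(SAMPLE_LOG.splitlines()) if (p := packets_for(ln, i))]
```

Because the log entry is written when the request completes, both packets are produced at the same moment; the Start record is reconstructed after the fact rather than sent when the request begins.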