I think the best way of restricting users by time, port, whatever
is to change the radius daemon to authenticate against an external
program. That is, after it matches the 'users' file, it will
query a program of your choice.
That program would be a perl script, for instance, that will
get all the info about the requested user, and acct accordingly,
basing its decision on whatever algorithm you see fit -- be it
number of users logged on, time of day, ports, even by
the first letter of their real name. :)
What do you think?
-- miguel a.l. paraz <map@iphil.net> iphil communications, makati city, tech problems, to <support@iphil.net> philippines.