> I'm doing something similar on my Linux terminal servers, and also
> considered it a nasty hack...but it works relatively well. I have each
> terminal server finger the other terminal servers every 60s. Each saves
> this info in files and checks these files plus utmp whenever a new login
> occurs. This wouldn't scale well though, and would do much better
> integrated into radiusd so that the finger traffic/load would be reduced.
I have started the bones of a fairly well thought out way of doing this.
The first step was keeping track of all logins/logouts in a central
repository. I have implemented this using mSQL as the underlying
database. This will allow multiple PM2E's, Linux boxen and even multiple
radius servers to share the database quite efficiently. This part is up
and running.
Now onto some finer points:
I use the accounting stop and start records, not particulary elegant, but
it's working so far.
2. The "bumper" program will be external to the radiusd and run every 60
seconds. This will allow some users to "steal" a few extra minutes,
but the kicker is, we're going to bump the "oldest" session. I've timed
the sql queries in the database and they're very fast.
3. Some users are allowed to have multiple logins, but the fact that dual
channel ISDN sessions look just like multiple logins (accounting wise)
will cause us to have to do some extra error checking. We'll just
implement an extra table in the mSQL database for this.
4. The bumper program will be "smart" in that it will not ever kill the
current login, only attempt to kill the "old" login and only if it can
determine that the "old" login is still in progress. This will require
some platform specific code, since we run multiple radius client
platforms.
5. Email gets sent to the support staff first, not the user. When the
user calls, we'll know why. :-) Then, they get the riot act, right over
the phone. ;-)
All in all, this ought to have the desired effect, which is to deter the
user from sharing his account, dropping our user/modem ratio into the
bit-bucket.
Later,
-----------------------------------------------------------------------------
Joe Portman - Alternate Access Inc. Affordable, Reliable Internet
baron@aa.net Seattle: (206) 443-3408 Seattle: (206) 777-7777
Tacoma: (206) 927-6010 Federal Way: (206) 838-8457
Bellevue: (206) 455-8414 Olympia: (360) 458-7279
Enumclaw: (206) 862-9423 Black Diamond : (206) 288-8809
To setup your account: set modem to 8-n-1, login as "new"
For questions or support, call our voice line (206) 728-9585.
-----------------------------------------------------------------------------