Actually ... If you get a copy of Radius 2.0 the accounting records
contain
the Dynamic IP address which was assigned to a user at the time of the
connection....
> So, it seems like the only way to track (at least, through RADIUS) which
> IP address was assigned to a user/port for a session would be to set up
> (in the "users" file) a DEFAULT user for each port with a specific IP
> address to be assigned to that port each time a session is activated on
> it. That seems to be a lot of work.
>
> I can see a problem also if the Auth-Type is Local (ie DEFAULT entries
> won't work), which would require user-specific static addresses (or is
> there a way to tell RADIUS to use a password file other than /etc/passwd
> for System authentication?). It seems that it would be appropriate to have
> the PM return the "Framed-IP-Address" (and maybe "Framed-Protocol" as
> well) in the accounting Start record when the IP address is assigned
> dynamically (or anytime it's a Framed session). Similar information is
> returned for Login sessions.
>
Too Late ... It's in there....
> Is the IP assignment information available via some PM "show" command? If
> so, I guess I could have some other process running that periodically ran
> that command on each active port, then parsed the output and stored it in
> a log file.
>
> My application is two-fold: (1) be able to determine who was the culprit
> if some kind of unethical/illegal activity happens on a dial-up session
> and (2) authenticate to other services (ie Web-based accounting interface)
> using a combination of the in-coming IP address and knowing who the PM
> assigned that address to.
>
> Ideas? Help?
>
> Pete Kruckenberg
> pete@inquo.net
Hope the above info helps ... BTW: you can download the latest copy of
Radius from the Livingston FTP server...
Later ... gm...
FWIW: We use the information in the accounting files to keep track of
exactly what you described above ... all you have to do is
modify the scripts for accounting ( on the livingston server )
to give you a report of the user's call time and IP address
assignment ... Makes a great deterent to the would-be "cracker".
later...