Frank Cusack wrote: >>pam_radius_auth will never generate accounting records. >> > >Sure it will. >
I do not know why, it is not generating any record for me. I will repeat my pam.d/squid file: # auth required /lib/security/pam_securetty.so session required /lib/security/pam_radius_auth.so debug account required /lib/security/pam_radius_auth.so debug auth required /lib/security/pam_radius_auth.so > >>That "account" line is not really for accounting. >> > >I don't have the rest of this thread, but yes, the "account" line in >pam.conf (or whatever on your platform) is not for radius accounting, >it is for system "account" services such as checking password expiry. > >Use the PAM "session" module to have pam_radius_auth generate radius >accounting records. I don't know that this will be useful for squid; >you'll have tons of start/stop records. > Definitely we do not want tons of start/stop records. But I am not getting even a milligram of it :-). On a more serious note, can not we arrange to have two records at authentication. Two simultaneous records for start and stop. The session time set to ttl. Then if ttl is set to fifteen minutes, a user will be billed for fifteen minutes after he authenticates. I know that he will be still be billed for fifteen minutes when he uses the Internet for only two minutes. But that could be a solution for our university where we have limited VSAT bandwidth and too many users. We wanted to limit the usage per user to a limited number of hours per month. At the same time we wanted to allow the user have a detailed picture of the usage (radiusreport etc.) We have even tested the above two-start-stop-record scenario using a shell script calling radclient, and it works nearly perfect. But this solution is consuming heavy system resources due to the innumerable child processes generated making our proxy server unbearably slow. If I had some time, I would have tried to add these features to pam_radius_auth. But my (1) heavy academic load and (2) almost zero knowledge of pam module programming, stops me from doing this. Dr. Muhammad Masroor Ali - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
