Frank Cusack wrote: > On Wed, Sep 11, 2002 at 12:21:55AM +1000, Brett Maxfield wrote: > > (ppp can rechallenge the user when doing chap; which I assume is what > you are going for here--I can't think of another scenario where you > re-authorise users)
My bad :) My understanding is that authentication basically happens once, at logon. What i would like is for some external agent (not radius) to create a list of online users (via SNMP or Telnet/Finger) and periodically re-query that list of users against the radius server to see if they would be authenticated, based on the current situation. An example of this is that you specify a group that says that user may ony connect on saturdays and sundays, which is fine unless they connect late sunday and stay connected until the following saturday (i exaggerate just slightly to make my point) One solution would be to calculate the session time until the next time the authentication would fail, say 12pm on sunday at logon. I guess this could be dne with scripts, but it makes the assumption you counter is time for which there is a control. This particular would fall down if you wanted to immediately stop a user when they went over something like a bytes-downloaded-per-day counter. Generic re-authorization would also allow you to kick off a user after setting them to be disabled, as the next status check would have them kicked off because they would fail authorization at that time. Cheers Brett - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
