Liviu Daia wrote:
> I'm trying to setup user accounting for a dialin service that I
> inherited at work. My configuration:
>
> - a Cyclades multiport connected to 8 modems;
> - a few users with their shells set to /usr/sbin/pppd;
> - kernel version 2.2.4;
> - pppd version 2.3.6.
>
> (more details available upon request).
>
> Everything seems to be working fine, users are able to connect and
> so on, but now I'd like to have some sort of accounting of the time
> people spend online. My first attempt was to write a small program
> that sends start and stop records to an SQL server, and call it from
> /etc/ppp/ip-up and /etc/ppp/ip-down. However, the ip-up and ip-down
> scripts don't seem to be called at all. I'm aware that these scripts
> are invoked with all fd's closed (which, BTW, has proven to be a huge
> PITA in various other situations), but this has nothing to do with my
> problem: if I put f.i.
>
> #! /bin/sh
> /usr/bin/touch /tmp/ppp
>
> in ip-up, the file is not created.
>
> So my questions are:
>
> (1) What's going on here?
> (2) Is there a better approach?
I am in the process of doing something similar. Your configuration
seems very similar to the one I am using. I chose to use auth-up to
start the logging process. The problem is you have to force PAP or CHAP
authentication and deny logins via /bin/login unless you want to modify
/bin/login to log the same information as auth-up and auth-down.
auth-up is executed by pppd immediately after the user is authenticated
and auth-down when user logs out. Both are called with the following
arguments:
interface-name
peer-name
user-name
tty-device
speed
The peer-name will give you the username (because with PAP and CHAP pppd
is executed as root so the user-name argument will give you the user
that owns the pppd process; ie. root). If you write the script or the
program to log the date and time you can do all kinds of wonderful
things, including the user accounting that you want to do. You can log
the login and logout times or communicate with an accounting server. I
am using this to restrict specific groups to the use of certain modems,
since we have modems reserved for specific groups. After looking at it
I realized that if we want to restrict the time that the user spends
online we can do that quite easily as well.
If you know of a better way to do this, I am all ears! :)
Hope it helps...
______________________________________________________________
Gary Piercey ([EMAIL PROTECTED])
Systems Programmer
Dept. of Computer Science, Memorial University of Newfoundland
-
To unsubscribe from this list: send the line "unsubscribe linux-ppp" in
the body of a message to [EMAIL PROTECTED]
