Re: [squid-users] Radius Accounting!

From: Azfar Hashmi <azfar.hashmi_at_cloudways.com>
Date: Tue, 13 Nov 2012 20:00:51 +0500

Hi Eliezer,

My clients simply login via browser, squid just ask them for http auth.
Your are right squid is not a NAS hence it does not respect radius
protocols other then simple authentication request. Btw I can achieve
the multi-user login check without external_acl by using "max_user_ip
-s 1" but this is also not working for me because I have Stunnel in
between so all requests finally forwarded to squid via stunnel (instead
of client original ip) and squid feels all users are coming from single
ip (stunnel ip), also ultimately I will have multiple squid servers so
this trick even without stunnel will not gonna work for me accurately as
user will still be able to login from same username on different servers.

On 11/13/2012 7:45 PM, Eliezer Croitoru wrote:
> On 11/13/2012 3:47 PM, Azfar Hashmi wrote:
>> Do have any example? My problem is that I can't play with squid conf
>> whenever a new user is created in radius. Addition/expiration of users
>> should be transparent from squid.
> you dont need to change squid conf more then to use some external_acl
> helper (you will need to write) that does anything related to users by
> usage if IP or any other way.
>
> How does your clients log on?
> Raidus most of the time is being used with some NAS device that
> respects radius polices so in a case you dont have this kind of device
> you should do some thinking and planning of implementing such a feature.
>
> If you will have more info on how things works in your environment I
> can take a peek at it and thing with you on a sensible solution.
>
> Regards,
> Eliezer
>

-- 
AzfarHashmi
Cloudways
Your Managed Cloud
 
e: azfar.hashmi_at_cloudways.com
w: www.cloudways.com <http://www.cloudways.com>
 
PGP keyid: 0xF42034B0F915D729
http://keyserver.pgp.com
 
Received on Tue Nov 13 2012 - 15:01:02 MST

This archive was generated by hypermail 2.2.0 : Wed Nov 14 2012 - 12:00:04 MST