LAN user authentication


Geoff
09-05-2000, 08:10 PM
Situation: Various LAN users from different companies sharing 1 DSL link. We need to bill people for their data usage. Simply assigning static IPs and using IP accounting won't work because people can simply change their IP and have a free lunch.

I don't think radius will work because it's really aimed at a RAS environment, not a LAN.

Could always make people authenticate with SQUID before they get web access but this doesn't stop them from changing their IP when they want to leech an ISO off a warez ftp :)

Any ideas? I don't think an honour system will work when money's involved.. hehehe...

furrycat
09-05-2000, 09:07 PM
You can get your DSL router to send RADIUS queries to you, and you only send them the information required to route if they authenticate :-) Then you can indeed track per-session data flow with RADIUS accounting.
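
An added example, not part of the thread or any poster's code: a Python sketch of the server side of RADIUS accounting (RFC 2866) that checks each Accounting-Request's authenticator and totals octets per User-Name, so a user who changes IP is still billed under the same name. The shared secret, user names, addresses and byte counts are constructed, and `build_acct`, `parse_acct` and `bill` are hypothetical helper names.

```python
import hashlib, hmac, socket, struct
from collections import defaultdict
SECRET = b"constructed-secret"  # assumption: secret shared by router (NAS) and server
ACCT_REQUEST, STOP = 4, 2       # RFC 2866 packet code and Acct-Status-Type value
USER_NAME, FRAMED_IP, STATUS, IN_OCT, OUT_OCT = 1, 8, 40, 42, 43  # attribute types

def build_acct(ident, user, ip, o_in, o_out, secret=SECRET):
    """Build a constructed Accounting-Request Stop record (sample input only)."""
    attrs = [(USER_NAME, user.encode()), (FRAMED_IP, socket.inet_aton(ip))]
    attrs += [(t, struct.pack("!I", n)) for t, n in ((STATUS, STOP), (IN_OCT, o_in), (OUT_OCT, o_out))]
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    head = struct.pack("!BBH", ACCT_REQUEST, ident, 20 + len(body))
    return head + hashlib.md5(head + bytes(16) + body + secret).digest() + body

def parse_acct(pkt, secret=SECRET):
    """Return {attribute type: raw value}; raise ValueError if malformed or forged."""
    if len(pkt) < 20 or pkt[0] != ACCT_REQUEST or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
        raise ValueError("not a well-formed Accounting-Request")
    # Request Authenticator = MD5(code + id + length + 16 zero octets + attrs + secret)
    expected = hashlib.md5(pkt[:4] + bytes(16) + pkt[20:] + secret).digest()
    if not hmac.compare_digest(expected, pkt[4:20]):
        raise ValueError("bad authenticator")
    attrs, i = {}, 20
    while i < len(pkt):
        if i + 2 > len(pkt) or pkt[i + 1] < 2 or i + pkt[i + 1] > len(pkt):
            raise ValueError("bad attribute length")
        attrs[pkt[i]] = pkt[i + 2:i + pkt[i + 1]]
        i += pkt[i + 1]
    return attrs

def bill(packets):
    """Total octets per User-Name from Stop records; also count rejected packets."""
    totals, rejected = defaultdict(int), 0
    for pkt in packets:
        try:
            a = parse_acct(pkt)
            if struct.unpack("!I", a[STATUS])[0] == STOP:
                used = sum(struct.unpack("!I", a[k])[0] for k in (IN_OCT, OUT_OCT))
                totals[a[USER_NAME].decode()] += used
        except (ValueError, KeyError, struct.error):
            rejected += 1  # forged, truncated or incomplete record: never billed
    return dict(totals), rejected

SAMPLE = [  # constructed records: the first user changes IP between sessions
    build_acct(1, "userA@tenant1", "192.168.1.10", 1000, 500),
    build_acct(2, "userA@tenant1", "192.168.1.77", 2000, 0),
    build_acct(3, "userB@tenant2", "192.168.1.20", 300, 200),
    build_acct(4, "userB@tenant2", "192.168.1.20", 9999, 9999, secret=b"wrong"),
]
```

`bill(SAMPLE)` attributes both of the first user's sessions to the same name despite the address change and rejects the record signed with the wrong secret. The 32-bit octet counters wrap at 4 GiB, which this sketch does not handle.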

Geoff
09-06-2000, 03:16 AM
Interesting....

got a big fat wad of documentation handy for me to wade through? heh.

yum documentation *looks at watch* hmm 6:17pm. bugger that I'll read up on it tomorrow. no point starting something work-related after 6, I'd rather go home!

furrycat
09-06-2000, 05:31 AM
Sorry no docs from me. My experience with this sort of thing was when I was an admin at an ISP that decided to offer ADSL service. Since I was the guy who set up the radius server, our telco came to me and said "we've got a Cisco router at our end which is going to proxy radius requests to your radius servers - go set it up." As far as I was concerned it was just another radius client connecting. How the telco configured their Cisco I couldn't tell you but I know they had it set up (probably using realms) so that it "knew" to forward queries from our customers to our radius servers. And as I was unfortunate enough to find out, denying access to a given customer need be no harder than sending a radius reply attribute that the proxy wasn't expecting!

Of course their Cisco was in turn accepting requests from a special ADSL black box that the telco dumped into the customer's 'phone line. I am unaware of what magic went on between those two pieces of equipment.
Good luck anyway.

Eccentric
09-06-2000, 05:26 PM
Geoff, where you been dude?
Steel Belted Radius, and Ascend Radius are both solutions that would work for your problem. However, they're fairly costly. Check out: http://www.funksoftware.com and the ascend site.

Geoff
09-06-2000, 06:34 PM
Eccentric, put my head in the sand for a while in regards to linux and stopped bothering to learn stuff. But I started a new job which is improving my Win9x/NT4 skills (more NT... I know Win9x really well anyway) and to a lesser degree linux. There are some interesting projects which have the option of NT4 or going for linux/freebsd/SCO as a cheaper and quite possibly better solution.

The main issue with unix/linux variants (*n*x? hehe) is that the setup is a lot more complicated. Configuring squid involves editing a big conf file, MS proxy is *click* *point* *click* *point* *click* and you're done (see, even idiots can set up MS software).

Anyway suffice to say it's pushing me back into the world of the free. And I just realised that our old 586 actually works (it stopped booting before, I thought the CPU was long dead) so I installed debian on it. Reinstalled my debian gateway while I was at it as well. So now I have 2 debian PCs at home :)

Anyway I'd better get off to work. catcha.

furrycat
09-06-2000, 09:15 PM
I recently saw a setup where an office had a 256Kbit leased line to the internet and an NT box serving as a router. The NT was on the same hub as the router with the leased line but also had another NIC which went down to the server room. In the server room was another line out to the internet. People in the office used the NT box as their default gateway but if you tracerouted to one of the machines in the server room from the office the packets went out via the 256K line, around the internet and into the server room from the second line.
"The NT box should be routing packets directly to the server room," I said, "but it clearly doesn't. Why are you using something that so blatantly doesn't work?"

The reply? "Because it's easy to set up."