Topic: User Authentication And Accounting

[Kelvin]

Hi All,

I'm looking for recommendations of packages that can do user authentication and usage accounting.

Basically, I want users to log in before they can access the internet (for anything, not just web - therefore they must log in before using e-mails, web, ftp, you get the picture).

Then based on their login, we can account for their usage (either by time or by data transferred)  for billing purposes.

Preferrably, something that can be added on to SME, if not, perhaps a standard RH install ?

TIA !

Kelvin

[Karl McElwain]

You beat me to it....I've been toying with this same idea for about a month now...however for different reasons.  I work for a school system and we're mandated to filter.  Now ethical and freedom of speech issues aside....filtering is only as good as the user.  The kids are slowly realizing that there is a whole different foreign porn out there.

Solution...access logging.  This would help a lot because it would allow us to loosen the restrictions on the filtering and allow more educational content to come down to the user.

Any ideas....is there some type of forced portal?  I'm pretty sure it can be done because one of my friends who works for a wireless company said that one of the new routers can force you to an authentication page before you get online.

That's what I'm looking for.

Any body got any ideas?

[Cyrus Bharda]

I use two modules on my 5.5 U3:

e-smith-squid-0.3-2.i386.rpm from http://www.e-smith.dyndns.org/

This basically prompts the user for a username and password before the get access to the internet. You control usernames and passwords that allow access via the server manager. I also have an addition to this that lets me set static IP's that get net access without authentication.

And SARG:

e-smith-sarg-1.2.3-2.noarch.rpm and
sarg-1.2.1-1.i386.rpm

This shows which username loaded which pages and how long they stayed at that page for, also how much they downloaded through http.

I forgot where I downloaded SARG from but you'll probably find it at contribs.org hopefully, any probe just give us a yell and I can email you the rpms

Cyrus Bharda

[Kelvin]

Hi Cyrus,

Thanks for the input.

I looked at Vincent's e-smith-squid before as well.

Unfortunately, this does not go far enough. The authentication and accounting system must allow/deny access to ALL internet services not just web browsing and also account for all services as well (basically all IP traffic from each user).

Kelvin

[Cyrus Bharda]

You could use ntop to monitor all IP traffic, the only problem I had with it was I did not need to know all IP traffic, just internet traffic. For example I copy/move large files from my computer to my w2k server all the time and in ntop I have about 6 GB IP traffic usage for this month, that does not give me any indication on how much of that was local and how much was remote

Once you find something that does user auth and accounting in the one package and monitors all ip traffic drop me a line because I wouldn't mind something like that too

Cyrus Bharda

[Karl McElwain]

Cyrus....thanks for the tips...I'm going to try to implement both of those RPM's.

Personally I'm mainly interested in web traffic.  My other firewall keeps track or prevents most other unwanted traffic.

If you don't mind emailing me those RPM's...that would be great.

Thanks again for all your help.