[freeside] export

Dana Hudes dhudes at hudes.org
Tue Jan 8 16:29:01 PST 2002


----- Original Message ----- 
From: "Dave Burgess" <burgess at mitre.org>
To: <ivan-freeside at sisd.com>
Sent: Monday, January 07, 2002 3:28 PM
Subject: Re: [freeside] export


> we could allow read access from the RADIUS server to the data in the database and be able to skip one whole level of file
> indirection.

Right but you would have a user table per realm (if you will, the name of the per-realm user table is the name of the realm).


>  We just extend the paradigm that we have established by having the RADIUS server files get built by FreeSide.
Right. Freeside populates the database. The question is what is the structure of the database at the table level (not what fields are in the table).

> 
> 2)  We can use the RADIUS Accounting tables to track utilization and optionally (as soon as someone writes it) bill for it.

I'm vaguely working on billing for usage as part of my overall RADIUS accounting project. Its sort of a problem of interest and I've some amount of funding but not enough.
I actually don't use freeside btw.
I rolled my own basic user auth database and am working on something more. I watch freeside for issues and ideas
as I design my own system based on xtradius.

>the per-realm user files is interesting - can you do that without relying on huntgroups?  

They are unrelated. 

>Specifically, can you do multiple per-realm user files on a
> single server being fed from 7 NASes?  

Sure. But, users can't log in as foo. They have to login as foo at realm 

>>Like I said, I'm revisiting RADIUS servers again for the first time in several years and could stand a quick refresh.  From what
> I've been reading (in FreeRadius, since it was the last one I read), the server ends up with a single, cached user file which has the capability to deconflict 'overloaded'
> usernames with unique passwords.

They don't have to have unique passwords. The username is unique within the realm. In SQL parlance, the username is a primary key in the <realm>-user table and as such it has to be unique.
Your alternative is that the key is the username+password.  That has implications for all sorts of stuff. If you change your password the key changes and the index has to be rebuilt (if you're using an index).


>  Whether the realms are assumed or specified doesn't seem to matter.  At least, not after the cursory examination I've >given it since
> Saturday.  If you wouldn't mind, I'd like to pick your brain a little bit 'off list'.

you can come over to the xtradius list.  
 
> >
> > > Probably best way is to do auth for radius from freeside and accounting on
> > > different server.
> > > like Radiator type... or just change things in icradius/freeradius config
> > > files.
> > >




More information about the freeside-users mailing list