
Best of the ISP-Lists
Remote Access
The Limits of RADIUS
Members of the ISP-Tech list find that a simple discussion about
denying concurrency evolves into a complex evaluation of the benefits and quirks
of the various RADIUS products.
On the ISP-Tech list in May, DC queried,
"I need to restrict all users to just one session. I'm using
Livingston RADIUS 2.1. Does anyone know how to deny simultaneous sessions?"
DD noted that it's likely to require some extra
work with Livingston:
"Livingston RADIUS doesn't support this, except through the port limit statement
for ISDN connections. It doesn't work for modem connections. We use MaxStat
to accomplish this, and it works very well. It also gives you an easy way to
monitor who is online. It can automatically export this data to a web page,
which makes it easy for your techs to check out customer connections without
having access to your PortMasters."
AC suggested that, for a number of other products,
it shouldn't be a problem:
"Cistron, Free RADIUS, IC-RADIUS, Radiator, and Steel-Belted RADIUS servers
all support that functionality. To the best of my knowledge, Lucent RADIUS does
not support the simultaneous-use parameter, though it has been some time since
I used their products."
Others offered some specific ideas on how to control users:
[TY offered] "We use a program called TSMON
to watch all our systems for multiple users. It even has a nice exempt file
that it reads in so that you can allow certain users the ability to connect
more than once, i.e. ISDN, offsite support staff, etc. If two people connect
to the same account, it waits about 2-3 minutes and kicks either the first connect,
the second connect, or both, and e-mails the offending user as to why they were
kicked. It can also be used to watch line campers, though this feature does
take a bit of tuning."
[TM advised] "Try this: port-limit=1."
[DW added] "In our default profile we have:
Ascend:Ascend-Maximum-Channels=1. Unless you're using an Ascend NAS, you may
need to alter that slightly."
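An added example, not taken from the list posts or from any product named above: a Python sketch of the accounting-based monitoring the posters describe, flagging users who exceed a session limit while honoring an exempt list. The event tuples, user names, addresses and exempt list are constructed for illustration; the status values follow standard RADIUS accounting (Start, Stop, Accounting-On, Accounting-Off).

```python
from collections import defaultdict

# Constructed accounting events: (time, Acct-Status-Type, User-Name,
# NAS-IP-Address, Acct-Session-Id). Addresses are documentation ranges.
EVENTS = [
    ("10:00", "Start", "alice", "192.0.2.10", "a1"),
    ("10:05", "Start", "bob", "192.0.2.10", "b1"),
    ("10:07", "Start", "alice", "192.0.2.11", "a2"),      # second alice login
    ("10:09", "Start", "isdn-cust", "192.0.2.10", "i1"),
    ("10:09", "Start", "isdn-cust", "192.0.2.10", "i2"),  # exempt, two channels
    ("10:20", "Stop", "bob", "192.0.2.10", "b1"),
    ("10:21", "Accounting-On", "", "192.0.2.10", ""),     # NAS restarted
    ("10:30", "Start", "alice", "192.0.2.10", "a3"),      # a2 still open on .11
    ("10:40", "Start", "bob", "192.0.2.11", "b2"),        # fine: b1 was stopped
]
EXEMPT = {"isdn-cust"}  # hypothetical exempt list


def find_concurrent(events, exempt=frozenset(), limit=1):
    """Replay accounting events; return (time, user, open_sessions) for each
    Start that puts a non-exempt user over `limit` simultaneous sessions."""
    open_sessions = defaultdict(set)  # user -> {(nas, session_id)}
    violations = []
    for when, status, user, nas, sid in events:
        if status == "Start":
            open_sessions[user].add((nas, sid))
            if user not in exempt and len(open_sessions[user]) > limit:
                violations.append((when, user, sorted(open_sessions[user])))
        elif status == "Stop":
            open_sessions[user].discard((nas, sid))
        elif status in ("Accounting-On", "Accounting-Off"):
            # NAS restart: its sessions are gone even though no Stop arrived,
            # so drop them or the user would be flagged on the next login.
            for sessions in open_sessions.values():
                sessions.difference_update({s for s in sessions if s[0] == nas})
    return violations


if __name__ == "__main__":
    for when, user, sessions in find_concurrent(EVENTS, EXEMPT):
        print(f"{when} {user} over limit: {sessions}")
```

Tracking sessions from accounting alone drifts when Stop records are lost, which is why the restart handling matters before any automated disconnect is wired to the result.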