radkill
What it is:
A TCL program for cistron-radius (and icradius I imagine) unix systems that watches
your ISP's lines use and when lines become full can disconnect a user based on the
amount of time you set for them.
The original versions were done in BASH, which when I started this ISP was fine with
24-48 lines, but with any more than that it was incredibly slow and cpu intensive.
The TCL version is quite fast and stable, and uses so little cpu I changed the refresh
rate to 1 second.
How it works:
radkill reads the configuration file
it gets a list of the users on the NAS it's told to watch in the config file
if there's more users than you want online it kicks the one with the least time
remaining by calling an external disconnect script.
basically if you configure your radkill correctly for your setup you could really
guarantee that you'll never have busy signals, but on the other hand if you really
have too many users for your lines you'll end up kicking people every 10 mins. So
use it wisely.
- Installation
I'll guess you've untarred it already ;-) if you haven't or don't know how, you have no damn right to be running an ISP.
All you really have to do is untar it, configure it, and run it.
radkill must be run from a user who has read permissions to /var/radwtmp and your users file.
- Configuration
There's quite a bit on this in the config file itself (radkill.conf). What you need to do is set some variables in the config file. (^^ deja vu )
NasName:arc
NasType:usrhiper
AdminUser:administrator
AdminPass:secretsquirl
PrefMax:94
AbsMax:95
OutFile:/home/httpd/yourdomain.com/radkill.txt
MailDomain:nmo.net
The above configuration tells radkill to watch users on NAS arc.
The nastype (usrhiper) is what will be called to disconnect a user (discon-usrhiper)
The adminuser is the username that telnets into the NAS to discon a user
The adminpass is the password for that user
The prefmax is the preferred max users allowed online at any 1 time, if a users has met their minimum time they go away.
The absmax is the absolute max users allowed, if this # is met someone will get kicked, no matter who they are.
OutFile is the filename where the output of radkill will be read from
MailDomain the domain where your users get their mail, will be used later when mailing in implemented - ignore for now.
### users and settings ###
### username:timelimit:minimum:getmail ###
linux:9999999:9999999
cashew:5000:300
cwilson:5000:300
cwatson:240:1
cball:240:1
sawyer:4000:1
jhatt:240:1
debi:240:1
tribune:9999999:9999999
take:600:420
ceynar:5000:300
@:5000:1:Y
This is a list of usernames and the time limits imposed on them.
When a user meets the limit they get disconnected.
When a user has not yet met the minimum they will not get disconnected (unless absmax for the
NAS has been met).
User @ is the default, if a user is not specifically listed @ settings will be used.
Users with a timelimit and minimum of 9999999 will never be kicked.
By setting your absolute max greater than the # of lines you have you will deactivate that feature.
Disconnect Modules:
A disconnect module is an external tcl program that is called to disconnect a user
from whatever brand of concentrator (NAS) you are using. At this time I have only
usrhiper and portslave, if you need one for your hardware please send me email of a telnet
session into your hardware where you disconnect a user such as the clip from a usrhiper below
Escape character is '^]'.
login: administrator
Password:
HiPer>> DISCONNECT USER linux
HiPer>> exit
Connection closed by foreign host.
- NOTE
I wrote this program for my own use, I never really intended to release it to the masses, but with all this killer linux stuff I use from all the rest of the linux community, I figured it was only right to share ;-)
Since I make no money from this program, I cannot guarantee it's functionality, or
be held responsible for any losses this program my cause you.
This program requires the following:
cistron-radius - more specifically the radwho command in the cistron package (if other radius has radwho someone tell me, I can make it work for that radius too)
grep - I use grep 1 time in the tcl program right now for a quick fix to scan the
radius users file for users with names over 10 chars. I will probably write a
routine in tcl eventually for this.
- Apologies
many of you have been using the program for quite some time now without any new official news or updates. I just recently had a new baby boy, and my wife is going to college, so anytime I am not working I am watching our 3 boys. So I haven't had any time to work on this at all. Sorry, you should all be happy with the new tcl version, I have been using it for about a year without a problem.