"don't do that." As someone who did this 10+ years, I suggest you do this. * do some hackery to find out how your freeradius server stores the "currently logged in users". It may be in a mysql database, it may be in a disk file, etc, etc * have your redirector query -that- directly, rather than running radwho. When I did this 10 years ago, the radius server kept a "wtmp" style file with current logins which worked okish for a few dozen users, then sucked for a few hundred users. I ended up replacing it with a berkeley DB hash table to make searching for users faster. * then in the helper, cache the IP results for a short period (say, 5 to 10 seconds) so frequent page accesses wouldn't result in a flurry of requests to the backend * keep the number of helpers low - you're doing it wrong if you need more than 5 or 6 helpers doing this.. Adrian 2009/8/8 <michel@xxxxxxxxxx>: > Hello > > Using squid 2.6 on my work, I have a group of users who connect by dial-up > access to a NAS and a server freeradius to authenticate each time they log > my users are assigned a dynamic IP address, making it impossible to create > permissions without authentication by IP address. > > now to assign levels of access to sites are > authenticating against an Active Directory, but I want to change that. > > I want to create a script for when you get a request to the squid from the > block of IP addresses, run a script that reads the username and IP address > from the server freeradius radwho tool that shows users connected + ip > address or mysql from which you can achieve the same process > > and can be compared to a text file if the user is listed, then access it > without authentication of any kind. > > It is possible to do this? > > Sorry for my english, is very poor. > > Thanks > > Michel > > > > > > ---------------------------------------------- > Webmail, servicio de correo electronico > Casa de las Americas - La Habana, Cuba. > >
