[squid-users] Radius Accounting!

[Azfar Hashmi]

Hi all,

I am using Squid 2.7 Stable9 (Debian Squeeze package) and i am using
squid_radius_auth helper to perform authentication from radius
(Freeradius 2.x) and this is working fine. Now the problem is that I
want to do accounting in radius and for it I need squid to send
accounting start / stop, interim updates etc to radius but it does not
sending anything to radius except authentication requests. I want to
confirm that is it even possible to do it with squid (log session time,
bandwidth etc in radius)? is there any other radius plugin which can do
it? or squid simply does not support these things? I can also try to
hack squid_radius_auth helper code to add this functionality but first I
need to confirm whether it will worth or squid simply do not support
such things.

I have also tried pam_auth helper with radius but it made no difference
as well.

Thanks in advance.

-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com 

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

Re: [squid-users] Radius Accounting!

[Azfar Hashmi]

On 11/7/2012 4:55 PM, Eliezer Croitoru wrote:
> On 11/7/2012 1:37 PM, Azfar Hashmi wrote:
>> Hi all,
>>
>> I am using Squid 2.7 Stable9 (Debian Squeeze package) and i am using
>> squid_radius_auth helper to perform authentication from radius
>> (Freeradius 2.x) and this is working fine. Now the problem is that I
>> want to do accounting in radius and for it I need squid to send
>> accounting start / stop, interim updates etc to radius but it does not
>> sending anything to radius except authentication requests. I want to
>> confirm that is it even possible to do it with squid (log session time,
>> bandwidth etc in radius)? is there any other radius plugin which can do
>> it? or squid simply does not support these things? I can also try to
>> hack squid_radius_auth helper code to add this functionality but first I
>> need to confirm whether it will worth or squid simply do not support
>> such things.
>>
>> I have also tried pam_auth helper with radius but it made no difference
>> as well.
>>
>> Thanks in advance.
>
> Hey Azfar,
>
> As you may noticed this is auth helper and not related in any way to
> accounting.
>
> Squid dosnt have any accounting mechanism else then in delay pools as
> far as I can remember.
>
> This can be a nice feature.
>
> Radius accounting usually works on routing basis since it's based on
> IP level.
> I have been using a bit freebsd with MPD that can work with radius and
> accounting.
>
> if you are using sort of LNS you should do it there and not in the
> squid machine.
>
> Regards,
> Eliezer
>
So there is no workground except manually parsing squid logs and feeding
radius database?

-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

Re: [squid-users] Radius Accounting!

[Azfar Hashmi]

Thanks for the information.

It seems also impossible to control radius level simultaneous-use check
to me, can anyone confirm it?

On 11/8/2012 5:42 PM, Eliezer Croitoru wrote:
> On 11/8/2012 2:14 PM, Azfar Hashmi wrote:
>> So there is no workground except manually parsing squid logs and feeding
>> radius database?
> Not that I know of.
> I think that most of the needed code for the option is there and also
> can be fetched by SNMP.
> take a look at: http://wiki.squid-cache.org/Features/Snmp#Squid_OIDs
> at the part of "Client Table".
>
> Regards,
> Eliezer
>


-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

Re: [squid-users] Radius Accounting!

[Azfar Hashmi]

My scenario is simple that different customers should not be able to
login simultaneously from a same username.

Or

If username "A" is being used by x.x.x.x IP address then user "A" should
not be able to login from y.y.y.y IP address at same time.

On 11/13/2012 5:57 PM, Eliezer Croitoru wrote:
> On 11/13/2012 2:40 PM, Azfar Hashmi wrote:
>> Thanks for the information.
>>
>> It seems also impossible to control radius level simultaneous-use check
>> to me, can anyone confirm it?
> And what do you mean by that?
> To control what exactly?
> Radius is for most likely used with a per IP to user level.
>
> Eliezer


-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

Re: [squid-users] Radius Accounting!

[Azfar Hashmi]

Do have any example? My problem is that I can't play with squid conf
whenever a new user is created in radius. Addition/expiration of users
should be transparent from squid.
 
On 11/13/2012 6:40 PM, Eliezer Croitoru wrote:
> On 11/13/2012 3:31 PM, Azfar Hashmi wrote:
>> My scenario is simple that different customers should not be able to
>> login simultaneously from a same username.
>>
>> Or
>>
>> If username "A" is being used by x.x.x.x IP address then user "A" should
>> not be able to login from y.y.y.y IP address at same time.
> Well it's a basic feature of radius.
> It's not a feature inside squid but you are able to allow or deny
> access using external_acl.
> What you can do in squid is to write external_acl that will deny
> access\login using specific user while it's being logged in using
> another IP.
>
> Regards,
> Eliezer
>


-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

Re: [squid-users] Radius Accounting!

[Azfar Hashmi]

Hi Eliezer,

My clients simply login via browser, squid just ask them for http auth.
Your are right squid is not a NAS hence it does not respect radius
protocols other then simple authentication request. Btw I can achieve
the multi-user login check without external_acl  by using "max_user_ip
-s 1" but this is also not working for me because I have Stunnel in
between so all requests finally forwarded to squid via stunnel (instead
of client original ip) and squid feels all users are coming from single
ip (stunnel ip), also ultimately I will have multiple squid servers so
this trick even without stunnel will not gonna work for me accurately as
user will still be able to login from same username on different servers.  

On 11/13/2012 7:45 PM, Eliezer Croitoru wrote:
> On 11/13/2012 3:47 PM, Azfar Hashmi wrote:
>> Do have any example? My problem is that I can't play with squid conf
>> whenever a new user is created in radius. Addition/expiration of users
>> should be transparent from squid.
> you dont need to change squid conf more then to use some external_acl
> helper (you will need to write) that does anything related to users by
> usage if IP or any other way.
>
> How does your clients log on?
> Raidus most of the time is being used with some NAS device that
> respects radius polices so in a case you dont have this kind of device
> you should do some thinking and planning of implementing such a feature.
>
> If you will have more info on how things works in your environment I
> can take a peek at it and thing with you on a sensible solution.
>
> Regards,
> Eliezer
>


-- 

AzfarHashmi

Cloudways

Your Managed Cloud

 

e: azfar.has...@cloudways.com

w: www.cloudways.com <http://www.cloudways.com>

 

PGP keyid: 0xF42034B0F915D729

http://keyserver.pgp.com

 

[squid-users] delays in squid.

[Azfar Hashmi]

I am running squid on a 3ghz p4 processor with 1gb ddr ram. My max
simaltanous users are 250 and average 100. I have a 3.5mb circuit on
it. I have a 160GB SATAII harddrive on it.
My problem is i am getting huge delay with squid (5-10sec in each
request and some times more) on peak hours but if i bypass the squid
every thing is perfect and page complete in just 1 sec normaly.

I have defined 20GB in cache_dir.

I want to know with that hardware how many users squid can handle and
how much bandwidth it can handle?

Re: [squid-users] delays in squid.

[Azfar Hashmi]

###
squidclient mgr:info
###
HTTP/1.0 200 OK
Server: squid/2.6.STABLE12
Date: Sat, 29 Sep 2007 08:27:35 GMT
Content-Type: text/plain
Expires: Sat, 29 Sep 2007 08:27:35 GMT
Last-Modified: Sat, 29 Sep 2007 08:27:35 GMT
X-Cache: MISS from proxy.eworld.net.pk
X-Cache-Lookup: MISS from proxy.eworld.net.pk:3128
Via: 1.0 proxy.eworld.net.pk:3128 (squid/2.6.STABLE12)
Proxy-Connection: close

Squid Object Cache: Version 2.6.STABLE12
Start Time: Thu, 27 Sep 2007 07:43:03 GMT
Current Time:   Sat, 29 Sep 2007 08:27:35 GMT
Connection information for squid:
Number of clients accessing cache:  1
Number of HTTP requests received:   922891
Number of ICP messages received:0
Number of ICP messages sent:0
Number of queued ICP replies:   0
Number of HTCP messages received:   0
Number of HTCP messages sent:   0
Request failure ratio:   0.00
Average HTTP requests per minute since start:   315.6
Average ICP messages per minute since start:0.0
Select loop called: 79249222 times, 2.214 ms avg
Cache information for squid:
Request Hit Ratios: 5min: 0.0%, 60min: 0.0%
Byte Hit Ratios:5min: -0.0%, 60min: -0.0%
Request Memory Hit Ratios:  5min: 0.0%, 60min: 0.0%
Request Disk Hit Ratios:5min: 0.0%, 60min: 0.0%
Storage Swap size:  1938180 KB
Storage Mem size:   130292 KB
Mean Object Size:   15.32 KB
Requests given to unlinkd:  0
Median Service Times (seconds)  5 min60 min:
HTTP Requests (All):   0.0  0.0
Cache Misses:  0.0  0.0
Cache Hits:0.0  0.0
Near Hits: 0.0  0.0
Not-Modified Replies:  0.0  0.0
DNS Lookups:   0.0  0.0
ICP Queries:   0.0  0.0
Resource usage for squid:
UP Time:175471.316 seconds
CPU Time:   610.098 seconds
CPU Usage:  0.35%
CPU Usage, 5 minute avg:0.00%
CPU Usage, 60 minute avg:   0.00%
Process Data Segment Size via sbrk(): 178100 KB
Maximum Resident Size: 0 KB
Page faults with physical i/o: 1
Memory usage for squid via mallinfo():
Total space in arena:  178100 KB
Ordinary blocks:   176144 KB188 blks
Small blocks:   0 KB  0 blks
Holding blocks: 15624 KB  3 blks
Free Small blocks:  0 KB
Free Ordinary blocks:1955 KB
Total in use:  191768 KB 99%
Total free:  1955 KB 1%
Total size:193724 KB
Memory accounted for:
Total accounted:   164076 KB
memPoolAlloc calls: 119417680
memPoolFree calls: 118542404
File descriptor usage for squid:
Maximum number of file descriptors:   65535
Largest file desc currently in use: 14
Number of file desc currently in use:   12
Files queued for open:   0
Available number of file descriptors: 65523
Reserved number of file descriptors:   100
Store Disk files open:   0
IO loop method: epoll
Internal Data Structures:
127459 StoreEntries
 21644 StoreEntries with MemObjects
 21643 Hot Object Cache Items
126496 on-disk objects

##
squidclient mgr:5min  | grep client

client_http.requests = 0.00/sec
client_http.hits = 0.00/sec
client_http.errors = 0.00/sec
client_http.kbytes_in = 0.00/sec
client_http.kbytes_out = 0.01/sec
client_http.all_median_svc_time = 0.00 seconds
client_http.miss_median_svc_time = 0.00 seconds
client_http.nm_median_svc_time = 0.00 seconds
client_http.nh_median_svc_time = 0.00 seconds
client_http.hit_median_svc_time = 0.00 seconds

On 9/27/07, Tek Bahadur Limbu <[EMAIL PROTECTED]> wrote:
> Hi Azfar Hashmi,
>
>
> Azfar Hashmi wrote:
> > I am running squid on a 3ghz p4 processor with 1gb ddr ram. My max
> > simaltanous users are 250 and average 100. I have a 3.5mb circuit on
> > it. I have a 160GB SATAII harddrive on it.
> > My problem is i am getting huge delay with squid (5-10sec in each
> > request and some times more) on peak hours but if i bypass the squid
> > every thing is perfect and page complete in just 1 sec normaly.
>
>
> For a bandwidth pipe of 3.5 mbps, your Squid box should be able to
> support 250 users. By which means do you get you bandwidth?
>
> Do you have large ACLs used for filtering in your Squid box? If yes,
> then the problem of the huge delay could be attributed to your ACLs.
>
> Posting your squid.conf might help? Which OS, firewall and versi