poptop_ads_howto_12.htm 5.7 KB

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Poptop MSCHAP2 ADS Howto</title>
</head>
<body>
<p><strong>18. pptp Server Administration </strong></p>
<p>This section covers a few tricks on pptp server management. It is far from a complete guide. Any suggestions are welcome.</p>
<p>The packages <strong>psacct</strong> and <strong>SysVinit</strong> are required for the utilities used here. They should be installed by default. If they are not, please install them through yum.</p>
<blockquote>
<pre>[root@pptp ~]# yum install psacct SysVinit </pre>
</blockquote><p></p>
<hr>
<strong><a name="whoisonline"></a>18.1 Who is Online?</strong>
<p>To check who is online, the &quot;last&quot; command is used:</p>
<blockquote>
<pre>[root@pptp ~]# last | grep ppp | grep still
James ppp3 202.xx.xxx.xxx Sat Nov 19 17:38 still logged in
Andrew ppp1 220.xxx.xxx.xx Sat Nov 19 17:23 still logged in
Mary ppp2 1.2.3.4 Sat Nov 19 16:59 still logged in
Sue ppp0 202.xx.xxx.xxx Sat Nov 19 16:43 still logged in
Mark ppp7 203.xxx.xxx.xxx Sat Nov 19 14:59 still logged in</pre>
</blockquote>
<p><strong><em>last</em></strong> is from SysVinit. It reads the information from /var/log/wtmp. </p>
<p><strong>Note:</strong> for <em><strong>last</strong></em> to work properly, the logwtmp option in /etc/pptpd.conf must be enabled. If you are sure there are pptp connections but see no output from the above command, check that the logwtmp option in the pptpd.conf file is enabled. </p>
<hr>
<strong><a name="accounting"></a>18.2 Accounting </strong>
<p>The &quot;ac&quot; utility from the psacct package provides a report on connection time.</p>
<blockquote>
<pre>[root@pptp ~]# ac -d -p
Amy 3.77
George 0.08
Mark 1.78
Richard 0.35
Lee 3.66
Simon 5.78
Nicole 1.05
Nov 1 total 16.46
Amy 2.43
Nicole 8.61
Richard 4.77
Mark 0.90
Lee 4.68
Keith 1.84
Nov 2 total 23.23</pre>
</blockquote>
<p>The <em><strong>ac</strong></em> command reads the information from /var/log/wtmp. It has a lot of options. Read the man page for details. </p>
<p><strong>Note</strong>: <br>
1. If you want the statistics from an older wtmp file, use the -f parameter of &quot;ac&quot; to specify the file. <br>
2. If users also log in to the server through a shell, ac will return the connection time of both pptp and shell connections.
</p>
<hr>
<strong><a name="disconnect"></a>18.3 Disconnect a User</strong>
<p>To disconnect an active connection, you will have to kill the pppd process associated with it. First, run the command in section 16.1 to find the remote IP address of the user. Say you want to disconnect Mary; her IP address in the above example is 1.2.3.4. Then find the PID of the pppd process.
</p>
<blockquote>
<pre>[root@pptp /]# ps -ef | grep 1.2.3.4 | grep pppd
root 8672 8671 0 16:59 ? 00:00:00 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200
10.0.0.10:10.0.0.124 ipparam 1.2.3.4.
plugin /usr/lib/pptpd/pptpd-logwtmp.so
pptpd-original-ip 1.2.3.4</pre>
</blockquote>
<p>The second field of the output, 8672 in our example, is the PID of the pppd process. Killing the process will disconnect the user.</p>
<blockquote>
<pre>[root@pptp /]# kill 8672</pre>
</blockquote><br>
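<p>Added example (not part of the original howto): the <code>grep 1.2.3.4</code> filter above treats each dot as a wildcard and matches substrings, so it also selects sessions from addresses such as 1.2.3.40 or 11.2.3.4. The function below returns only the pppd PID whose <code>pptpd-original-ip</code> argument equals the address exactly; the function name and the sample process lines are constructed for illustration.</p>

```shell
#!/bin/sh
# Added example, not from the original howto.
# pppd_pids_for_ip is a hypothetical helper name; SAMPLE_PS is constructed input
# in "PID ARGS..." form, as produced by `ps -eo pid=,args=`.

# Print the PID of every pppd process whose "pptpd-original-ip" argument is
# exactly $1. Process lines are read from stdin.
pppd_pids_for_ip() {
    awk -v ip="$1" '
        # Field 2 is the command; accept only the pppd binary itself,
        # which also skips the grep/awk processes that mention the address.
        $2 !~ /(^|\/)pppd$/ { next }
        {
            for (i = 3; i < NF; i++) {
                # Appending "" forces a string comparison, never a numeric one.
                if ($i == "pptpd-original-ip" && ($(i + 1) "") == (ip "")) {
                    print $1
                    next
                }
            }
        }'
}

# Constructed sample: three sessions whose addresses all match the
# regular expression 1.2.3.4, plus the grep process itself.
SAMPLE_PS='8672 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.0.0.10:10.0.0.124 ipparam 1.2.3.4 plugin /usr/lib/pptpd/pptpd-logwtmp.so pptpd-original-ip 1.2.3.4
8701 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.0.0.10:10.0.0.125 ipparam 1.2.3.40 plugin /usr/lib/pptpd/pptpd-logwtmp.so pptpd-original-ip 1.2.3.40
8810 /usr/sbin/pppd local file /etc/ppp/options.pptpd 115200 10.0.0.10:10.0.0.126 ipparam 11.2.3.4 plugin /usr/lib/pptpd/pptpd-logwtmp.so pptpd-original-ip 11.2.3.4
9001 grep 1.2.3.4'

# On the server: ps -eo pid=,args= | pppd_pids_for_ip 1.2.3.4
# Check that exactly one PID comes back before passing it to kill.
```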
<hr>
<strong><a name="oneconnection"></a>18.4 Allow Only One Connection per User</strong>
<p>By default, a user can make multiple connections to the pptpd server. To restrict each user to one connection, create two script files in the /etc/ppp directory. When the same user logs in twice, the first connection will be disconnected. This is actually done at the ppp level, not by pptpd. </p>
<p>The first file is /etc/ppp/auth-up</p>
<blockquote>
<pre>
#!/bin/sh
# get the username/ppp line number from the parameters
# (pppd passes the interface name as $1 and the peer name as $2)
PPPLINE=$1
USER=$2
# create the directory to keep pid files per user
mkdir -p /var/run/pptpd-users
# if there is a session already for this user, terminate the old one
if [ -f &quot;/var/run/pptpd-users/$USER&quot; ]; then
    kill -HUP &quot;$(cat &quot;/var/run/pptpd-users/$USER&quot;)&quot;
    rm -f &quot;/var/run/pptpd-users/$USER&quot;
fi
# write down the username in the ppp line file
echo &quot;$USER&quot; &gt; &quot;/var/run/pptpd-users/$PPPLINE.new&quot;
</pre>
</blockquote>
<p>The second file is /etc/ppp/ip-up.local</p>
<blockquote>
<pre>
#!/bin/sh
REALDEVICE=$1
# Get the username from the ppp line record file
USER=$(cat &quot;/var/run/pptpd-users/$REALDEVICE.new&quot;)
# Copy the ppp line pid
cp &quot;/var/run/$REALDEVICE.pid&quot; &quot;/var/run/pptpd-users/$USER&quot;
# remove the ppp line record file
rm &quot;/var/run/pptpd-users/$REALDEVICE.new&quot;
</pre>
</blockquote>
<p>The method presented here may not be the best one, but it works for me. (If you have a better way, please let me know.)</p>
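<p>Added example (not part of the original howto): the scripts above never remove a user's pid file when the session ends, so auth-up, running as root, can later send HUP to whatever process has since reused that PID, and the peer-supplied name is used directly as a file name. The guards below check both before any signal is sent. The function names and the <code>PROCROOT</code> override are assumptions made for this sketch, and it assumes a Linux /proc that provides a <code>comm</code> file per process.</p>

```shell
#!/bin/sh
# Added example, not from the original howto: guards for the kill step in
# /etc/ppp/auth-up. Function names are hypothetical. PROCROOT is a
# hypothetical override so the check can be exercised against a fake tree.

# Accept a username only if it can be used as a single file name:
# not empty, no leading dot, no path separator.
safe_user() {
    case "$1" in
        ''|.*|*/*) return 1 ;;
    esac
    return 0
}

# True when $1 is purely numeric and currently names a pppd process.
pid_is_pppd() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$(cat "${PROCROOT:-/proc}/$1/comm" 2>/dev/null)" = "pppd" ]
}

# Print the PID of the user's previous session. Fail when the record is
# missing, malformed, or points at a process that is not pppd (stale file).
# $1 = directory holding the per-user pid files, $2 = username
old_session_pid() {
    dir=$1
    user=$2
    safe_user "$user" || return 1
    [ -f "$dir/$user" ] || return 1
    pid=$(head -n 1 "$dir/$user" | tr -d '[:space:]')
    pid_is_pppd "$pid" || return 1
    printf '%s\n' "$pid"
}

# In auth-up this would replace the unconditional kill:
#   if pid=$(old_session_pid /var/run/pptpd-users "$2"); then
#       kill -HUP "$pid"
#   fi
```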
<hr>
<a href="poptop_ads_howto_a1.htm">Next</a> &nbsp;&nbsp;<a href="poptop_ads_howto_11.htm">Previous</a>&nbsp;&nbsp;<a href="poptop_ads_howto_1.htm#toc">Content</a>
</body>
</html>