simultaneous use, checkrad, and MPP attempts
Kevin Bonner
keb at pa.net
Wed Nov 9 22:20:38 CET 2005
On Wednesday 09 November 2005 00:35, Christopher Carver wrote:
> The proxy'ing radius servers and NAS's of the other company from whom we
> lease equipment are unavailable to checkrad. By default shouldn't it be
> allowing these people on? I looked at the code and it seemed as though
> it should. I set the nastype to other in clients.conf for these entries
> and I still see MPP attempts. Finally, I looked at the source of
> checkrad. I modified the line for "other" nastypes to always return 0,
> which should be interpreted as no multiple login. The numbers you see
> to the left are line numbers
Chris,
Look at the code again. In session.c, the rad_check_ts function is what calls
checkrad. If the nastype is empty or "other", checkrad is _never_ called,
and the function returns 1 (meaning the user is logged in).
We did this simult use bypass by using a nastype called visp, which returns 0
in checkrad. See freeradius bug#166 for a checkrad patch we've been using
here which cleans up the code a bit and makes it easier to add new types.
Any comments/problems can be posted to the bug.
-Kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20051109/ad52b4b3/attachment.pgp>
More information about the Freeradius-Users
mailing list