Simultaneous-Use per NAS
Roberto Greiner
mrgreiner at gmail.com
Fri Aug 31 14:39:25 CEST 2007
I've got through the same problem, and based in some help I got here
from the list I managed to solve the problem with a simple change to
sql.conf, modifying the "simul_count_query".
The original entry:
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
The one I use:
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0 AND NASIPAddress = '%{
NAS-IP-Address}'"
Basically, all I am doing is checking if the user is already logged
specifically in the current NAS.
Just an extra note: You will probably need to play a little with the
hints, proxy and users files to get the behavior you wish. In our case,
due to some policies from the university, in some NAS we wanted users to
type their domains, in other NAS we wanted them without domain. Took
some time to make it work....
Roberto
tnt at kalik.co.yu wrote:
> http://wiki.freeradius.org/Rlm_sql
>
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 31/8/2007, "Svend Eriksen" <se at metro-remote.no> pi¹e:
>
>> I'm sorry, but I dont understand what you mean. Can you please explain?
>>
>> reg
>> Svend
>>
>> tnt at kalik.co.yu skrev:
>>> Make multiple sql instances - one for each NAS.
>>>
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 31/8/2007, "Svend Eriksen" <se at metro-remote.no> pi¹e:
>>>
>>>
>>>> On 8/30/07, *Svend Eriksen* <se at metro-remote.no
>>>> <mailto:se at metro-remote.no>> wrote:
>>>>
>>>>> Hi,
>>>>> We run freeradius 1.1.6 against postgresql 8.1.
>>>>>
>>>>> With the current configuration the user can only login one time
>>>>> simultaneously. What I want is that a user can login only one time per
>>>>> NAS, but that the user can login on several NASes at the same
>>>>> time. The
>>>>> reason for this is that a user can move between NASes without the need
>>>>> to logout from the NAS he is leaving.
>>>>>
>>>>> The user can only login to NASes that is in a group that he is a
>>>>> member
>>>>> of (this already works today).
>>>>>
>>>>> Is it also possible to set the "Simultaneously-Use" as a default value
>>>>> for all users, so we don't have to set it on all the groups?
>>>>>
>>>>>
>>>>> Here are the lines from the database
>>>>>
>>>>> SELECT * FROM radcheck
>>>>> 40 | user1 | Cleartext-Password | := | kebab1
>>>>> 41 | user1 | Expiration | := | Dec 31 2050 00:00:00
>>>>>
>>>>> SELECT * FROM radusergroup
>>>>> user1 | testusergroup | 0
>>>>>
>>>>> SELECT * FROM nas
>>>>> 7 | 10.0.0.1 <http://10.0.0.1> | NAS1 | other | | naspw
>>>>> 8 | 10.0.0.2 <http://10.0.0.2> | NAS2 | other | | naspw
>>>>>
>>>>> SELECT * FROM radgroupcheck
>>>>> 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1
>>>>> <http://10.0.0.1>
>>>>> 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2
>>>>> <http://10.0.0.2>
>>>>> 17 | testusergroup | Simultaneous-Use | := | 1
>>>>>
>>>>>
>>>>>
>>>>> reg
>>>>> Svend Eriksen
>>>>>
>>>>>
>>>>>
>>>>> Hi,
>>>>> Why don't you just add Simultaneous-Use for each user to radcheck?
>>>>> As I understand you correctly, that would solve the problem, right?
>>>>> I don't know how you actually add the new users, but it can easily be
>>>>> done to give them that attr. as a default one.
>>>>>
>>>>>
>>>>> Kind Regards,
>>>>> Yves
>>>>>
>>>>>
>>>> This is what I do today. The problem occurs when a user leaves a NAS
>>>> without logging out, and then tries to connects to another NAS. The
>>>> second NAS will ask for a new login, but freeradius will answer that the
>>>> user is already logged in.
>>>> The solution I am looking for is that a user only can have one
>>>> simultaneously login per NAS, but that the user can be logged in
>>>> simultaneously on different NASes.
>>>>
>>>> reg
>>>> Svend
>>>> -
--
-----------------------------------------------------
Marcos Roberto Greiner
Os otimistas acham que estamos no melhor dos mundos
Os pessimistas tem medo de que isto seja verdade
Murphy
-----------------------------------------------------
More information about the Freeradius-Users
mailing list