FreeRadius V2.0.0 Simultaneous-Use Problems

Dryw Paulic DPaulic at tranzeo.com
Mon Jan 21 20:19:06 CET 2008


Hello Everyone,

On Freeradius Version 2.0.0, I have an issue with Simultaneous-Use.
Multiple logins are being caught, but the issue seems to be that the
checks seem to be catching much more than they should be. In particular,
I was looking at this user:

mysql> select * from radgroupcheck;
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute        | op | Value |
+----+-----------+------------------+----+-------+
|  1 | dynamic   | Auth-Type        | == | Local |
|  2 | static    | Auth-Type        | == | Local |
|  8 | static    | Simultaneous-Use | := | 1     |
|  7 | dynamic   | Simultaneous-Use | := | 1     |
+----+-----------+------------------+----+-------+
4 rows in set (0.00 sec)

mysql> select * from radusergroup where username='Kat';
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| Kat      | static    |        1 |
+----------+-----------+----------+
1 row in set (0.00 sec)

mysql> select * from radcheck where username='Kat';
+------+----------+------------+----+----------------------+
| id   | UserName | Attribute  | op | Value                |
+------+----------+------------+----+----------------------+
| 4946 | Kat      | Password   | == |testing123              |
| 4947 | Kat      | expiration  | := | 15 Feb 2008 15:01:32 |
+------+----------+------------+----+----------------------+
2 rows in set (0.00 sec)

 I took a look at the SQL Queries used by freeradius to check the logins
and decided to run them manually on my sql database:

mysql> SELECT COUNT(*) FROM radacct  WHERE username = 'Kat' AND
acctstoptime = 0;
+----------+
| COUNT(*) |
+----------+
|       16 |
+----------+
1 row in set (0.00 sec)

But if I run:

mysql> select * from radacct where username ='Kat' \G;

*************************** 26. row ***************************
radacctid: 1789
       acctsessionid: 00:0E:0C:2D:18:56:12008736891000
        acctuniqueid: 9d581ecac1736df4
            username: kat
           groupname:
               realm:
        nasipaddress: ###.###.###.###
           nasportid:
         nasporttype: Wireless-802.11
       acctstarttime: 2008-01-20 23:22:02
        acctstoptime: 2008-01-20 23:22:02
     acctsessiontime: 1322
       acctauthentic: RADIUS
   connectinfo_start:
    connectinfo_stop:
     acctinputoctets: 425841
    acctoutputoctets: 170623
     calledstationid: 00:0E:0C:2D:18:56
    callingstationid: 00:13:e8:6a:e1:cf
  acctterminatecause: Admin-Reset
         servicetype:
      framedprotocol:
     framedipaddress: 10.51.2.56
      acctstartdelay: 0
       acctstopdelay: 0
xascendsessionsvrkey: NULL
26 rows in set (0.00 sec)

You can see from the last row returned that they are indeed logged out.
But attempts to login are futile as radpostauth shows:

+------+------+--------+---------------+--------------------------+
| id   | user | pass   | reply         | date                     |
+------+------+--------+---------------+--------------------------+
| 97264 | Kat  | testing123 | Access-Reject | 2008-01-21 09:40:50 |
+------+------+--------+---------------+--------------------------+

The problem is, if you try to log this person in the server saying that
they are already logged in, because the simul_count_query is picking up
*ALL* rows which have accountstoptime = 0. This is an problem because
all the accounting records are kept in the same place as the start and
stop records, which means that there will always be records with an
acctstoptime=0 in that table. Am I doing anything wrong here? Any tips
on how to fix this problem would be much appreciated. 

Thanks in Advance!

Regards,

Dryw Paulic





More information about the Freeradius-Users mailing list