Simultaneos-Use in login for same mac-address

Jean Carlos Oliveira Guandalini jeanguandalini at visaonet.com.br
Fri Jun 6 16:40:49 CEST 2008 

Hello,

we have a problem of mac-address clone, and we use the Simultaneous-Use: 
= 1 option to not allow double login, but when this is a case of the 
clone mac-address the freeradius allows the connection.

Log of sql.trace:
INSERT into radpostauth (id, user, pass, reply, date) values ('', 
'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
AcctStartDelay, AcctStopDelay) values('81b00935', 'bcc93b20ea389f59', 
'userlogin', '', '10.0.6.10', '2447', 'Ethernet', '2008-06-06 11:08:45', 
'0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
'', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46', AcctSessionTime 
= '0', AcctInputOctets = '0', AcctOutputOctets = '0', AcctTerminateCause 
= '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = 
'81b00935' AND UserName = 'userlogin' AND NASIPAddress = '10.0.6.10';
INSERT into radpostauth (id, user, pass, reply, date) values ('', 
'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
AcctStartDelay, AcctStopDelay) values('81b00936', '3f7c1d06dbd205d4', 
'userlogin', '', '10.0.6.10', '2448', 'Ethernet', '2008-06-06 11:08:49', 
'0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
'', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');


Queries in sql.conf:
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE 
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, 
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, 
FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND 
AcctStopTime = 0"


despite the mac-address to match are two different users, and the second 
to connect without first disconnecting was before.
Is there any possibliidade to block it?


Thanks

Sorry for my english (By Google Tradutor)

-- 
Jean Carlos Oliveira Guandalini
Dep. de Redes e Infra-estrutura
VisãoNet Tecnologia e Telecomunicações
0800-643-5025

More information about the Freeradius-Users mailing list