Simultaneous-Use in login for same mac-address

Guy Fraser guy at incentre.net
Fri Jun 6 17:39:05 CEST 2008


On 2008-Jun-06, at 08:40, Jean Carlos Oliveira Guandalini wrote:

> Hello,
>
> we have a problem of mac-address clone, and we use the
> Simultaneous-Use: = 1 option to not allow double login, but when this is a case
> of the clone mac-address the freeradius allows the connection.
>
> Log of sql.trace:
> INSERT into radpostauth (id, user, pass, reply, date) values ('',  
> 'userlogin', '290476', 'Access-Accept', NOW());
> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,  
> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,  
> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,  
> AcctInputOctets, AcctOutputOctets, CalledStationId,  
> CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,  
> FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00935',  
> 'bcc93b20ea389f59', 'userlogin', '', '10.0.6.10', '2447',  
> 'Ethernet', '2008-06-06 11:08:45', '0', '0', 'RADIUS', '', '', '0',  
> '0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP',  
> '111.111.111.111', '0', '0');
> UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46',  
> AcctSessionTime = '0', AcctInputOctets = '0', AcctOutputOctets =  
> '0', AcctTerminateCause = '', AcctStopDelay = '0', ConnectInfo_stop  
> = '' WHERE AcctSessionId = '81b00935' AND UserName = 'userlogin' AND  
> NASIPAddress = '10.0.6.10';
> INSERT into radpostauth (id, user, pass, reply, date) values ('',  
> 'userlogin', '290476', 'Access-Accept', NOW());
> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,  
> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,  
> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,  
> AcctInputOctets, AcctOutputOctets, CalledStationId,  
> CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,  
> FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00936',  
> '3f7c1d06dbd205d4', 'userlogin', '', '10.0.6.10', '2448',  
> 'Ethernet', '2008-06-06 11:08:49', '0', '0', 'RADIUS', '', '', '0',  
> '0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP',  
> '111.111.111.111', '0', '0');
>
>
> Queries in sql.conf:
> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE  
> UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,  
> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,  
> FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}'  
> AND AcctStopTime = 0"
>
>
> despite the mac-address to match are two different users, and the  
> second to connect without first disconnecting was before.
> Is there any possibility to block it?
>
>
> Thanks
>
> Sorry for my english (By Google Tradutor)

I do not think there is a way to block it.
You may want to have the real user change his mac address then block  
the cloned mac address.
You will likely then find that another mac address gets cloned.
If you move to a secure username / password access method you may be  
able to stop the abuser.
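
Added example, not part of the original thread and not FreeRADIUS code: a query over the radacct columns quoted above that reports sessions sharing a CallingStationId while overlapping in time, one way to spot a cloned MAC in accounting data after the fact. SQLite stands in for the SQL backend (assumption), the first two rows are the sessions from the quoted sql.trace, and the user_a/user_b rows are constructed.

```python
import sqlite3

# Column names follow the radacct INSERT quoted in the thread. SQLite stands
# in for the real SQL backend so the example runs offline (assumption).
ROWS = [
    # (AcctSessionId, UserName, NASPortId, CallingStationId, AcctStartTime, AcctStopTime)
    # The two sessions from the quoted sql.trace: the first is stopped at
    # 11:08:46, before the second starts at 11:08:49, so they do not overlap.
    ("81b00935", "userlogin", "2447", "00:4F:62:0A:1F:BF",
     "2008-06-06 11:08:45", "2008-06-06 11:08:46"),
    ("81b00936", "userlogin", "2448", "00:4F:62:0A:1F:BF",
     "2008-06-06 11:08:49", "0"),
    # Constructed rows: two users online at the same time from one MAC.
    ("c0000001", "user_a", "2500", "00:00:5E:00:53:01", "2008-06-06 11:00:00", "0"),
    ("c0000002", "user_b", "2501", "00:00:5E:00:53:01", "2008-06-06 11:05:00", "0"),
]

# Two sessions overlap when each starts before the other ends. As in the
# thread's simul_count_query, AcctStopTime = 0 marks a session still open,
# so it is treated as ending far in the future.
OVERLAP_QUERY = """
SELECT a.CallingStationId, a.UserName, a.AcctSessionId, b.UserName, b.AcctSessionId
FROM radacct a JOIN radacct b
  ON a.CallingStationId = b.CallingStationId
 AND a.AcctSessionId < b.AcctSessionId
 AND a.AcctStartTime < CASE WHEN b.AcctStopTime = '0' THEN '9999' ELSE b.AcctStopTime END
 AND b.AcctStartTime < CASE WHEN a.AcctStopTime = '0' THEN '9999' ELSE a.AcctStopTime END
WHERE a.CallingStationId <> ''
ORDER BY a.CallingStationId, a.AcctStartTime
"""

def build_db(rows=ROWS):
    """Create an in-memory radacct table holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE radacct (AcctSessionId TEXT, UserName TEXT, NASPortId TEXT,"
        " CallingStationId TEXT, AcctStartTime TEXT, AcctStopTime TEXT)")
    conn.executemany("INSERT INTO radacct VALUES (?, ?, ?, ?, ?, ?)", rows)
    return conn

def overlapping_mac_sessions(conn):
    """Return (mac, user_a, session_a, user_b, session_b) for overlapping pairs."""
    return conn.execute(OVERLAP_QUERY).fetchall()

if __name__ == "__main__":
    for row in overlapping_mac_sessions(build_db()):
        print(row)
```
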



More information about the Freeradius-Users mailing list