Simultaneous-Use check not working

Marcelus Trojahn trojahn at i-next.psi.br
Mon Oct 27 21:32:25 CET 2008


Are you telling the radius to check for Simultaneous-Use := 1 anywhere?

Even if you have the SQL for simultaneous use uncommented, you still
have to configure Simultaneous-Use := 1 to that specific user or
group, otherwise it will just ignore the SQL...

I also use SQL for my authentication but on the /etc/raddb/users file,
I added the following to force every login to match it:

DEFAULT Simultaneous-Use := 1
        Fall-Through = Yes

Try adding that to that file or to add one of that for every user or
group you have in your SQL database. The users file is easier to debug
later IMO...

--
Marcelus Trojahn
I-Conecta Redes de Telecomunicação Ltda


On Mon, Oct 27, 2008 at 1:46 PM, DAve <dave.list at pixelhammer.com> wrote:
> Good afternoon,
>
> I have inherited an aged ICRadius install and I am in process of
> converting to FreeRadius 1.1.7. Currently I have a master DB on our
> Management server replicating to two radius servers. Each radius server
> has a unique sql instance to send accounting data to the master DB.
> Everything is working, the DB conversion from ICRadius to FreeRadius
> went fine.
>
> In testing the only issue I have found is I am unable to stop
> Simultaneous use. I read the docs carefully, checked the Wiki, and I
> believe I have everything configured properly. Using RadiusTest 2.4.3
> and radwho I see the following. I check for a login using radwho and I
> see I have a session, I then attempt both a new auth and start
> accounting again and still radwho shows only one login.
>
> [root at radius1 /usr/local/etc/raddb]# radwho
> Login      Name              What  TTY  When      From      Location
> yellowhous yellowhousejake   shell S1   Mon 11:35 192.168.4 192.168.0.1
>
> --------------------10/27/2008 11:55:13 AM Test started  [check
> newrad1]-------------------------
> Info:Sending Access-Request of id 0 to 10.0.241.95:1645
>        Password = "marlin"
>        User-Name = "yellowhousejake"
>        Framed-IP-Address = 192.168.0.1
>        Acct-Session-Id = "201"
> Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
>        Service-Type = Framed-User
>        Framed-Protocol = PPP
>        Framed-IP-Address = 255.255.255.254
>        Framed-IP-Netmask = 255.255.255.255
>        Framed-Routing = None
>        Framed-Compression = Van-Jacobson-TCP-IP
>        Filter-Id = "std.ppp"
>        Framed-MTU = 1500
>        Port-Limit = 1
>        Idle-Timeout = 600
>        Session-Timeout = 28800
>
>           Total approved auths:  1
>             Total denied auths:  0
>               Total lost auths:  0
>               Total time(secs):  0
> --------------------10/27/2008 11:55:13 AM Test finished [check
> newrad1]-------------------------
>
>
> --------------------10/27/2008 11:55:40 AM Test started  [start
> acct]-------------------------
> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
>        User-Name = "yellowhousejake"
>        Acct-Session-Id = "201"
>        Acct-Status-Type = Start
>        NAS-Port = 1
>        Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
>        User-Name = "yellowhousejake"
>        Acct-Session-Id = "201"
>        Acct-Status-Type = Alive
>        NAS-Port = 1
>        Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>
>           Total approved auths:  2
>             Total denied auths:  0
>               Total lost auths:  0
>               Total time(secs):  0
> --------------------10/27/2008 11:55:40 AM Test finished [start
> acct]-------------------------
>
> --------------------10/27/2008 11:55:40 AM Test started  [start
> acct]-------------------------
> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
>        User-Name = "yellowhousejake"
>        Acct-Session-Id = "201"
>        Acct-Status-Type = Start
>        NAS-Port = 1
>        Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
>        User-Name = "yellowhousejake"
>        Acct-Session-Id = "201"
>        Acct-Status-Type = Alive
>        NAS-Port = 1
>        Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>
>           Total approved auths:  2
>             Total denied auths:  0
>               Total lost auths:  0
>               Total time(secs):  0
> --------------------10/27/2008 11:55:40 AM Test finished [start
> acct]-------------------------
>
> [root at radius1 /usr/local/etc/raddb]# radwho
> Login      Name              What  TTY  When      From      Location
> yellowhous yellowhousejake   shell S1   Mon 11:55 192.168.4 192.168.0.1
>
> Here are the parts of my conf I believe I need to check for simultaneous
> use.
>
> ## radiusd.conf
> radutmp {
>    filename = ${logdir}/radutmp
>    username = %{User-Name}
>    case_sensitive = yes
>    check_with_nas = no
>    callerid = "yes"
> }
>
>
> accounting {
>    radutmp
> ##  sradutmp
>    sql_acct
> }
>
> session {
>    radutmp
>    sql_acct
> }
>
> ## sql.conf
> # Uncomment simul_count_query to enable simultaneous use checking
> simul_count_query = "SELECT COUNT(*) \
>  FROM ${acct_table1} \
>  WHERE UserName='%{SQL-User-Name}' \
>  AND AcctStopTime = 0"
>
>
> Note I enabled radutmp after sql was failing to stop the second login. I
> am certain I have missed something simple but I am unable to find it.
> Any help, cluesmacks, etc are appreciated.
>
> DAve
>
>
> --
> I am watching the debate and I am very disappointed. The rules are
> simple, "answer the question". I would vote right now, and I can
> in Indiana, for the man who answered the question directly, in
> less than a minute, and then sat down before the green light was out.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>




More information about the Freeradius-Users mailing list