duplicate users + Free Radius

[Sven Hartge]

Tyler Nally <tnally at technally.com> wrote:

> Curious... assuming FreeRadius is configured to allow people to use
> the NAS via a username/password combination... would that allow
> johndoe to use both laptop computer and iPhone (and other wifi enabled
> devices) concurrently?  or does FreeRadius boot the oldest
> authenticated login off of duplicate uses?

The depends on your configuration.

Normally freeradius just sends another Access-Accept and is done with
it.

If you want to disable duplicate logins, you have to keep the state of
active logins somewhere (SQL database) and check for an existing session
if a new requests comes in. This will disallow the second login to
happen.

If you want to boot the first login from the device and allow the second
one, this gets a bit more complicated, as you have to actively tell the
device to disconnect the first session. I think the correct search term
here may be "CoA" or "Change of Authorization".

Grüße,
Sven.

-- 
Sig lost. Core dumped.