configuration freeradius for no simultaneous use
tolik_shavlovsky at mail.ru
tolik_shavlovsky at mail.ru
Fri Dec 2 11:35:58 CET 2011
according to doc:
The server keeps a list of logged-in users in the /var/log/radutmp file.
This is also called "the session database". When you execute "radwho",
all that radwho really does is list the entries in this file in a pretty
format. Only when someone tries to login who _already_ has an active
session according to the radutmp file, the server executes the perl
script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for
the presence of both and in that order). This script queries the terminal
server to see if the user indeed already has an active session.
The script uses SNMP for Livingston Portmasters and Ciscos, finger for
Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC.
Since the script has been witten in perl, it's easy to adjust for
any type of terminal server. There are implementations in the script for
checks using SNMP, finger, and telnet, so it should be easy to add
your own check routine if your terminal server is not supported yet.
You can find the script in the file src/checkrad.pl.
You need to set the correct type in the file /etc/raddb/naslist so that
checkrad KNOWS how it should interrogate the terminal server. At this
time you can define the following types:
my /usr/local/etc/raddb doesn't has naslist ans naspassword files.
If i configure them manually, so freeradius will connect to NAS (we use cisco) via snmp and check user session? So, in such way i don't need script?
02 декабря 2011, 13:53 от "Fajar A. Nugraha-2 [via FreeRadius]" <ml-node+s1045715n5041277h78 at n5.nabble.com>:
2011/12/2 Толик Шавловский <[hidden email]>:
> Dear Alan,
I assume you want help from anyone, not just Alan, so I'll add some
> i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right?
That's one way to do that (and possibly the most accurate way). But
not the ONLY way.
You can make it work without the script, if you store accounting data
in sql. See (for example) raddb/sql/mysql/dialup.conf, look for
"simul_count_query" and "simul_verify_query". But again, you need to
store accounting data for it to work.
> 02 декабря 2011, 12:43 от "Fajar A. Nugraha" <[hidden email]>:
>> On Fri, Dec 2, 2011 at 3:37 PM, [hidden email]
>> <[hidden email]> wrote:
>> > Dear Alan,
>> > i added Simultaneous-Use = 1 to user profile in users file.
>> Did you read the doc? Or the reply I sent earlier?
>> It requires MORE than just that.
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html
To unsubscribe from configuration freeradius for no simultaneous use, click here.
View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041384.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Freeradius-Users