Can't get checkrad to be called

Dan Brisson dbrisson at gmail.com
Fri Jun 3 01:59:21 CEST 2011


I do have this feeling that I'm missing, but I'm not sure what it is.

Here's what I have configured:

clients.conf:
client 10.1.10.20 {
         secret      = password
         nastype     = pr3000

sql/mysql/dialup.conf:
         # Uncomment simul_count_query to enable simultaneous use checking
         simul_count_query = "SELECT COUNT(*) \
                              FROM ${acct_table1} \
                              WHERE username = '%{SQL-User-Name}' \
                              AND acctstoptime IS NULL"

#       simul_verify_query  = "SELECT radacctid, acctsessionid, username, \
#                               nasipaddress, nasportid, framedipaddress, \
#                               callingstationid, framedprotocol \
#                               FROM ${acct_table1} \
#                               WHERE username = '%{SQL-User-Name}' \
#                               AND acctstoptime IS NULL"


sites-enabled/default:
#  Session database, used for checking Simultaneous-Use. Either the radutmp
#  or rlm_sql module can handle this.
#  The rlm_sql module is *much* faster
session {
         radutmp

         #
         #  See "Simultaneous Use Checking Queries" in sql.conf
         sql
}

modules/perl:
        func_checksimul = checksimul

And in my MySQL radcheck table I have:

testuser  Simultaneous-Use := 1

Thanks in advance for any insight,

-dan

On 6/2/11 5:54 AM, Alan DeKok wrote:
> Dan Brisson wrote:
>> I was wondering if someone could help me determine why checkrad isn't
>> being called.  I've followed the directions in the doc/Simultaneous-Use
>> but still cannot get checkrad to fire off when I login.  It will check
>> radutmp, but never reaches out to my NAS with checkrad, as evidenced
>> here from radiusd -X:
>>
>> +- entering group session {...}
>> [radutmp]       expand: /var/log/radius/radutmp ->  /var/log/radius/radutmp
>> [radutmp]       expand: %{User-Name} ->  testuser
>> ++[radutmp] returns ok
>> Using Post-Auth-Type Reject
>    If you've configured Simultaneous-Use, then there should be
> *something* about checkrad in the output.
>
>> Can I provide any other data?  I'm using SQL for authorization and
>> accounting.  I'm on version 2.1.7-7.el5 of FreeRadius.
>    Where did you configure Simultaneous-Use?  How?
>
>    Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list