session log in SQL

Alan DeKok aland at
Tue Apr 7 17:41:34 CEST 2015

On Apr 7, 2015, at 11:16 AM, Khapare Joshi <khapare77 at> wrote:
> I have tried today with simualtaneous-Use with gidnumber, here are what I
> did.

  That all looks fine.

> # check gid for simultaneous use
> if ("%{gidnumber}" < 200){

  That's not necessary.  You should just do:

	if (gidnumber < 200) {

  And PLEASE cut & paste these examples in the email.  Do NOT rewrite them.  The example you gave has syntax errors.  It should be:

if (gidnumber < 200){
   update request {
     Simultaneous-Use := 1
    update request {
       Simultaneous-Use := 2

> the regex checking returns true for user testsim who has gid less than 200

  It's not a regex check.  This MATTERS.  If you don't use the right terminology, you'll never understand what's going on, and you'll never be able to fix it.

> but testsim still able to login 2nd and 3rd login.
> can anyone see what I am missing ?
> here is the debug output

  Which includes:

(1) a long EAP session.  Users can log in.  We don't need to see this. 

(2) ONE accounting packet.  We already know that users can log in once.

  It does NOT include a login session where the user CAN log in, but should not be able to.  Since you're not looking at that, you don't really know what's going wrong.  And you'll never be able to solve the problem.

  You need to take a methodical approach to solve this issue.  Have a user log in once, and save that debug output.  Have them log in again.  Save that debug output.  Then, compare the two to see why they differ.  Be sure that users can login when they're supposed to, and are rejected when they should be rejected.

  Alan DeKok.

More information about the Freeradius-Users mailing list