Simultaneous-Use := 2 and MySQL

Reilly, Paul preilly at eastpennsd.org
Wed Feb 25 14:43:47 CET 2015


I configured mysql to use for accounting and can see information in radacct.  If I don't set a nas type in clients.conf  will Simultaneous-Use only use SQL to check if a user is logged in and not use checkrad (correct)?  Also  I continue to get the error where setting Simultaneous-Use to :=2 it fails (nas type not set).  See information below

When set to Simultaneous-Use := 1   (second user below)

[sql]   expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[sql]   expand: SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radcheck           WHERE username = 'preilly'           ORDER BY id
[sql]   expand: SELECT id, username, attribute, value, op           FROM radreply           WHERE username = '%{SQL-User-Name}'           ORDER BY id -> SELECT id, username, attribute, value, op           FROM radreply           WHERE username = 'preilly'           ORDER BY id
[sql]   expand: SELECT groupname           FROM radusergroup           WHERE username = '%{SQL-User-Name}'           ORDER BY priority -> SELECT groupname           FROM radusergroup           WHERE username = 'preilly'           ORDER BY priority
[sql]   expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[sql]   expand: SELECT COUNT(*)                              #FROM radacct                              #WHERE username = '%{SQL-User-Name}'                              #AND acctstoptime IS NULL -> SELECT COUNT(*)                              #FROM radacct                              #WHERE username = 'preilly'                              #AND acctstoptime IS NULL
[sql]   expand: SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = '%{SQL-User-Name}'                                AND acctstoptime IS NULL -> SELECT radacctid, acctsessionid, username,                                nasipaddress, nasportid, framedipaddress,                                callingstationid, framedprotocol                                FROM radacct                                WHERE username = 'preilly'                                AND acctstoptime IS NULL
Multiple logins (max 1) : [preilly] (from client Cisco port 0 via TLS tunnel)
        User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login incorrect: [preilly/<via Auth-Type = EAP>] (from client Cisco port 13 cli 58-b0-35-67-b6-ed)
[attr_filter.access_reject]     expand: %{User-Name} -> preilly


Simultaneous-Use := 2

USER 1:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
        User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 60-33-4b-0a-35-7b)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edc53c/60:33:4b:0a:35:7b/815513",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql]   expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'

USER 2:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
        User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 58-b0-35-67-b6-ed)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edccc5/58:b0:35:67:b6:ed/816142",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql]   expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[attr_filter.accounting_response]       expand: %{User-Name} -> preilly

USER 3:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
        User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 24-a2-e1-d4-66-07)
        expand: %{User-Name} -> preilly
        expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
  [ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
        User-Name = "preilly"
        User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edd0ed/24:a2:e1:d4:66:07/816564",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql]   expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[attr_filter.accounting_response]       expand: %{User-Name} -> preilly



Below is the table in SQL with all 3 logged in:


mysql> select * from radacct;
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
| radacctid | acctsessionid                     | acctuniqueid     | username | groupname | realm | nasipaddress | nasportid | nasporttype     | acctstarttime       | acctstoptime | acctsessiontime | acctauthentic | connectinfo_start | connectinfo_stop | acctinputoctets | acctoutputoctets | calledstationid | callingstationid | acctterminatecause | servicetype | framedprotocol | framedipaddress | acctstartdelay | acctstopdelay | xascendsessionsvrkey |
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
|       101 | 54edc53c/60:33:4b:0a:35:7b/815513 | 218dd0fa625ec043 | preilly  |           |       | 172.23.160.4 | 13        | Wireless-802.11 | 2015-02-25 07:51:08 | NULL         |            2844 | RADIUS        |                   | NULL             |         1198146 |          2596646 | 172.23.160.4    | 172.26.160.75    |                    |             |                | 172.26.160.75   |              0 |          NULL |                      |
|       102 | 54edccc5/58:b0:35:67:b6:ed/816142 | def07acd9c4933a3 | preilly  |           |       | 172.23.160.4 | 13        | Wireless-802.11 | 2015-02-25 08:23:18 | NULL         |             978 | RADIUS        |                   | NULL             |          130719 |            19886 | 172.23.160.4    | 172.26.161.254   |                    |             |                | 172.26.161.254  |              0 |          NULL |                      |
|       103 | 54edd0ed/24:a2:e1:d4:66:07/816564 | 72262aa1fafe27d4 | preilly  |           |       | 172.23.160.4 | 13        | Wireless-802.11 | 2015-02-25 08:41:01 | NULL         |               0 | RADIUS        |                   |                  |               0 |                0 | 172.23.160.4    | 172.26.162.1     |                    |             |                | 172.26.162.1    |              0 |             0 |                      |
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
3 rows in set (0.00 sec)



From

Paul Reilly



More information about the Freeradius-Users mailing list