Problem with Simultaneous-Use

Alan DeKok aland at deployingradius.com
Mon Jun 8 20:39:47 CEST 2015 

On Jun 8, 2015, at 2:26 PM, Felipe Lopez Placencio <felipe.lopez at pucv.cl> wrote:
>   Yes, all users can log in 3 times, as we configured in the WLC Cisco,
> but we want to restrict one group in 2 connections.

  You've already said that.

>> After the user logs in, does the client send an accounting "start"
> packet?
> 
>   We suppose. The log detail shows:

  <sigh>  The debug output is useful.  The detail log isn't useful.

  Why?  Because the debug output shows EVERYTHING.

>> Is that packet stored in a DB (radutmp, sql, etc.)
> 
>   Yes, the packet is stored in radutmp, but only the last connection.
> Thats mean that appears only one input.

  That's the problem, then.  The AP is telling FreeRADIUS that the user is logging in once.  And then again, from the same connection.

  So the user *isn't* logging in twice, from two different connections.  He's logging in twice from the SAME connection.

  This isn't magic.  FreeRADIUS can't magically know your intent.  It can't know that even though the NAS *claims* the two logins are the same... that you think they're actually different.

  So... are the requests the same?  You clearly don't know.  Because you haven't looked at the debug log.  Or if you did look there, you didn't notice the *important* pieces.

>> Does the server discover that the user is already logged in?
> 
>   We think no, because doesn't work.

  "It doesn't work" is almost always a bad answer.

>> What happens then?
> 
>   We don't know for what reason does not work.

  Yes, you do.  See above.

>> The debug output, as suggested in the FAQ, "man" page, web pages, and
> daily on this list?
> 
>    The debug doesn't show any error or warning.

  <sigh>  You can't get it to work.  I ask for the debug log, and you say "it doesn't show anything".

  Really?  You're asking for help, and when I tell you I need the debug output, your response is essentially "No, you don't".

  That's rude.  I've never understood why some people ask for help, and then fight against every attempt to help them.

  Alan DeKok.

More information about the Freeradius-Users mailing list