Simultaneous-Use in proxy

Mon Jun 15 22:02:43 CEST 2015

On Jun 15, 2015, at 3:14 PM, Renato Sousa <rensousa at gmail.com> wrote:
> Created another freeradius without proxy to test authentication on users
> file as line below:
> 
> myuser Cleartext-Password: = "test123"
>        Simultaneous-Use: = 1

  That won't work.  The Simultaneous-Use attribute should go onto the first line, with the Cleartext-Password.

> User authentication works, but also allows more than one simultaneous
> session.
> Analyzing the debug log, you can see information about the Simultaneous-Use
> item:
> 
> First login (device: notebook)
> [Peap] Got tunneled reply code 11
>        Simultaneous-Use: = 1
>        EAP-Message =
> 0x014300201a0143001b103aa68684db737872b04dd470becf8bd56d7975736572
>        Message-Authenticator = 0x00000000000000000000000000000000
>        State = 0x182e1712186d0dd5e3788587d7861272
> ...
> [Peap] Got tunneled reply code 2
>        Simultaneous-Use: = 1

  It's not a reply attribute.

> Second login (device: mobile android)
> [TTLS] Got tunneled reply code 2
>        Simultaneous-Use: = 1

  It's not a reply attribute.

> The accountig information is being successfully written to the mysql. The
> acctsessionid field displays two distinct connections to the same user
> (myuser).
> The innertunnel and default files are configured as follows:
> 
> session {
>        sql
> }

  It will check Simultaneous-Use in the inner-tunnel, but it may not have access to all of the session data.

  And you've got to ensure that the User-Name in the Accounting-Request packet is the same as for the Access-Request.  i.e. not "anonymous".

  Alan DeKok.