Trying to restrict simultaneous-use
Alan DeKok
aland at deployingradius.com
Mon Mar 7 03:02:55 CET 2016
On Mar 6, 2016, at 6:09 PM, Michael Martinez <mwtzzz at gmail.com> wrote:
>
> On Sat, Mar 5, 2016 at 11:02 AM, Alan DeKok <aland at deployingradius.com> wrote:
>> At this point, I'm going to have to suggest you read the docs on Simultaneous-Use. See the wiki. It explains all of this in detail.
>
> According to the wiki, snmp is needed by checkrad, so I installed it
> and added /usr/bin/snmpget to the snmpget variable in the script.
That's all nice and good, but do you understand the concepts?
Why is checkrad being called? Do you know?
> Now
> remember I am trying to simulate Simultaneous-Use from localhost. I'm
> wondering whether this is possible, because if I define localhost as
> nastype "other", the checkrad ignores it and the server returns
> Access-Accept.
That's how it's supposed to work. As I said before, it's fail-safe. If you want it to behave differently... I told you how to get it to behave differently.
> If I put some other nas_type value such as "cisco" then
> checkrad tries to look up the MIB so that it can connect via snmpget.
> I don't want to have to set up snmpd on my localhost just to test
> this. Is there any other way?
You can't just install snmpd on localhost, and expect it to answer on the *cisco* MIBS. That makes zero sense. And you can't expect snmpd to magically know that you ran radclient, and that a user tried to login.
Read doc/configuration/simultaneous_use in the distribution archive. See section 3. This is documented.
The "checkrad" program is run when the server thinks a user *might* be already online. "checkrad" checks the users status on the NAS, to see if the user is actually still online.
Alan DeKok.
More information about the Freeradius-Users
mailing list