<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
</head><body>
<p style="margin: 0;" id="mceDummy"><span> <span> Hi,</span></span></p>
<p style="margin: 0;"><span><span><br/></span></span></p>
<p style="margin: 0;"><span><span>i've got a problem with simultaneous-use and a Cisco WLC4400. If i</span></span></p>
<p style="margin: 0;"><span><span>choose nastype=other in clients.conf the radaact table gets queried</span></span></p>
<p style="margin: 0;"><span><span>and if there is a running session for that user ( acctstoptime IS NULL)</span></span></p>
<p style="margin: 0;"><span><span>the user gets rejected ( defined for the users group in radgroupcheck</span></span></p>
<p style="margin: 0;"><span><span> simultaneous-use := 1 ).</span></span></p>
<p style="margin: 0;"><span><span><br/></span></span></p>
<p style="margin: 0;"><span><span> So far so good, </span></span>but if i choose nastype=cisco, the user can log in as</p>
<p style="margin: 0;">often as wanted. Checkrad gets executed and logs the following:</p>
<p style="margin: 0;"> </p>
<p style="margin: 0;">/var/log/radius/checkrad.log</p>
<p style="margin: 0;"> </p>
<p style="margin: 0;">----------snip-----------------------------------------------</p>
<p>Fri Jun 1 15:18:27 2012 checkrad cisco 141.72.65.21 1 machauer@staff.dhbw-mannheim.de 4fc8c577/a0:0b:ba:dd:25:8a/44<br/>snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxxxxx' 141.72.65.21 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.1<br/> user at port S1: No<br/>snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxxxxx' 141.72.65.21 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3<br/> Returning 0 (login ok)</p>
<p>------------snap------------------------------------------------</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">If i execute the snmpget command by hand, i get the following:</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline"> SNMPv2-SMI::enterprises.9.2.9.2.1.18.1 = No Such Object available on this agent at this OID</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">The MIB on this device seems to be different than on other cisco devices :-(</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">Has anyone an updated checkrad version which can get active usersessions from Cisco WLC</p>
<p style="margin: 0px;" class="mceNewline">or a hint how checkrad needs to be edited to do so ?</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">Using nastype=other is no option, because the NAS only sends sessiontimeouts every 10 Minutes</p>
<p style="margin: 0px;" class="mceNewline">and i always have a time lag between radacct sessions and NAS sessions.</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">Help would be really great !</p>
<p style="margin: 0px;" class="mceNewline"> </p>
<p style="margin: 0px;" class="mceNewline">Yours</p>
<p><strong>Patrick Machauer</strong><br/>Rechenzentrum</p>
<p><strong>Duale Hochschule Baden-Württemberg Mannheim</strong><br/>Baden-Wuerttemberg Cooperative State University Mannheim<br/><strong>Rechenzentrum</strong><br/>Coblitzallee 1-9<br/>68163 Mannheim</p>
<p>Tel.: +49 (0)621 4105 - 1278<br/>Fax: +49 (0)621 4105 - 1278<br/>E-Mail: <a href="mailto:machauer@dhbw-mannheim.de">machauer@dhbw-mannheim.de</a><br/>Web: <a href="http://www.rz.dhbw-mannheim.de">http://www.rz.dhbw-mannheim.de</a></p>
<p> </p>
<p style="font-family: monospace; white-space: nowrap; margin: 5px 0px 5px 0px;" class="mceHTML" id="mceSignatureBottom"> </p>
<p style="margin: 0px;" class="mceNewline"> </p>
</body></html>