On Jan 26, 2015, at 4:49 PM, Bill Schoolfield <bill@billmax.com> wrote:
A client of mine just asked that we limit active sessions per user to 1 (e.g simultaneous use checking). Radutmp was already configured but I disabled it in favor of the checks via the SQL module.
That’s a good idea.
Things look to be working but I'm concerned as the radacct table has lots of (possibly old/bogus) records with no stop info that I assume will cause the check to return false negatives.
Maybe. That’s what checkrad is for. Or, a “cron” job which deletes old sessions.
We also configured checkrad and it is working. My question is this: how exactly is checkrad used? Is it used exclusively or in concert with the SQL module checks? Will I need to cleanup the radacct table or will checkrad "save" me? I have reviewed all the documents and configuration I can find but checkrad use is still a bit of a mystery to me.
When you set Simultaneous-Use = 1, the server does the following: - checks if the user is already logged in if not, the user is allowed in, and we’re done. - otherwise, runs “checkrad” to query the NAS If checkrad returns “logged in”, the user is denied access. Otherwise, he’s allowed. See clients.conf for more information. You need to set a nastype for checkrad to work. If there’s no nastype… the accounting data is presumed to be accurate. Alan DeKok.