Hi Alan,
That won't work. The Simultaneous-Use attribute should go onto the first line, with the Cleartext-Password.
OK! I changed the user file to: myuser Cleartext-Password: = "test123" Simultaneous-Use: = 1 Now the freeradius started to refuse the second connection myuser User :) # Executing section session from file /etc/freeradius/sites-enabled/inner-tunnel +- entering group session {...} [sql] expand: %{User-Name} -> myuser [sql] sql_set_user escaped user --> 'myuser' [sql] expand: SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL -> SELECT COUNT(*) FROM radacct WHERE username = 'myuser' AND acctstoptime IS NULL rlm_sql (sql): Reserving sql socket id: 4 [sql] expand: SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL -> SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = 'myuser' AND acctstoptime IS NULL checkrad: Unknown NAS 172.19.13.15, not checking rlm_sql (sql): Released sql socket id: 4 ++[sql] returns ok } # server inner-tunnel [ttls] Got tunneled reply code 3 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" [ttls] Got tunneled Access-Reject [eap] Handler failed in EAP/ttls [eap] Failed in EAP select ++[eap] returns invalid Failed to authenticate the user. How to work around authentication forwarding to another freeradius? Graciously Renato L. Sousa