I'm trying to limit a single username to logon 2 times on the same NAS Port/NAS Port ID.
Our test environment consists of a single FreeRadius Server (Version 2.1.5/4), MySQL Server 5.0.45, and a Cisco 7200VXR with IOS 12.2(31)SB13.
The main issue now is that a single user name with Simultaneous-Use set too 2 is able to login an unlimited number of times on the same NAS Port/NAS Port ID. However, if the same user logon through a different NAS Port/NAS Port ID, Simultaneous-Use checks work as expected. Please, note the following radwho and radiusd -X outputs.
radwho -R Output after first user logged in:
User-Name = "test1" Acct-Session-Id = "00003377" NAS-IP-Address = X.X.X.X NAS-Port = 2097152 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = X.X.X.X
radwho -R Output after second user logged in:
User-Name = "test1" Acct-Session-Id = "00003378" NAS-IP-Address = X.X.X.X NAS-Port = 2097152 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = X.X.X.X Acct-Session-Time = 72
**Note the lack of the first user identified by Acct-Session-ID 00003377.
Yes. When radius server recieves a second accounting Start packet with same Nas-IP-Address/NAS-Port it will "conclude" that the Stop packet for the first session is missing and will log out first session. In short - sending same NAS-Port for multiple sessions breaks accounting. Don't do that. You can try adjusting raddb/modules/acct_unique but I don't see anything you can use instead of NAS-Port. Ivan Kalik Kalik Informatika ISP