On Oct 8, 2025, at 8:46 AM, Nitzan Tzelniker via Freeradius-Users <freeradius-users@lists.freeradius.org> wrote:
I’m working on implementing a Simultaneous-Use check using the rediswho module in the FreeRADIUS 3.2 branch. The approach is inspired by the blog post “Preventing Fraudulent Logins with a Session Database” (which unfortunately appears to be offline).
That happens. It's also why we don't recommend using third-party documentation. Not only is most of it wrong, but it tends to disappear over time.
At this stage, I’m successfully writing accounting records into Redis through rediswho. However, I haven’t found any documentation or examples describing how to query Redis for Simultaneous-Use checking and verification — specifically, the equivalent of the simul_count_query and simul_verify_query mechanisms used in the SQL module
Hmm, yes. That does appear to be missing. We'd have to add code to the rlm_rediswho module in order to support that.
If anyone has implemented this or can provide guidance on best practices for performing Simultaneous-Use checks with rediswho, I would appreciate any insights or references.
I think it would require code changes. The Simultaneous-Use functionality does some odd internal magic IIRC. You might be able to get away with manual redis queries, but I haven't looked into that.
Additionally, I noticed that the default rediswho configuration in both versions 3.2 and 4.0 uses the same insert operation for all Acct-Status-Type values. As a result, when querying the Redis, it’s not possible to distinguish between sessions that have terminated with an Acct-Status-Type = Stop and those that are still active.
Ah, good point. That should be fixed, too. I'll make some notes in GitHub. Alan DeKok.