On Jan 2, 2017, at 4:44 PM, Bill Schoolfield <bill@billmax.com> wrote:
Hmm. No NAS, using radtest or radclient to simulate what needs to happen.
You need to send accounting "start" packets, too. We should really have automated tests for this...
I created a single radacct record for a test user with a null stop time and I expect the auth to fail unless the group Simultaneous-Use is overwitten by a user specific radcheck attribute of the same name.
This works:
mysql> select * from radgroupcheck; +----+--------------------+------------------+----+-------+ | id | groupname | attribute | op | value | +----+--------------------+------------------+----+-------+ | 1 | Package2MB | Simultaneous-Use | = | 1 |
mysql> select * from radcheck where username like 'test@livenet.bm'; +-----+-----------------+--------------------+----+---------+ | id | username | attribute | op | value | +-----+-----------------+--------------------+----+---------+ | 1 | test@livenet.bm | Cleartext-Password | := | test123 | | 584 | test@livenet.bm | Simultaneous-Use | := | 3 |
mysql> select * from radusergroup where username like 'test@livenet.bm'; +-----------------+------------+----------+ | username | groupname | priority | +-----------------+------------+----------+ | test@livenet.bm | Package2MB | 1 | +-----------------+------------+----------+
But if the radcheck table doesn't have the Simultaneous-Use entry, the auth is allowed.
As always, read the debug output to see what's going on. Alan DeKok.