return a special value in reply when simultaneous use
Hello, I'm working with Freeradius 2.1.8 I'm using session (sql) to control simultaneous use. I would like to return a special value if an user try to access with credentials in use. Group session {...} always resturns ok, so I don't know what can I do in post-auth to distinguish between all reject. I test this configuration in my default server: session { if ("%{Realm}" == "xxx.es") { sql } } post-auth { if (fail) { update reply { Codigo-Reject := Imposible-Contactar-Backend } reject } sql Post-Auth-Type REJECT { if (simulcount) { update reply { Codigo-Reject = Sesion-Abierta } } update reply { Codigo-Reject = Credenciales-Erroneas } sql attr_filter.access_reject } } But don't work. Here is part of the debug info for an accept request: [pap] User authenticated successfully ++[pap] returns ok +- entering group session {...} ++? if ("%{Realm}" == "xxx.es") expand: %{Realm} -> xxx.es ?? Evaluating ("%{Realm}" == "xxx.es") -> TRUE ++? if ("%{Realm}" == "xxx.es") -> TRUE ++- entering if ("%{Realm}" == "xxx.es") {...} . . . rlm_sql (sql): Reserving sql socket id: 4 rlm_sql (sql): Released sql socket id: 4 +++[sql] returns ok ++- if ("%{Realm}" == "xxx.es") returns ok +- entering group post-auth {...} And here is part of the debug info for an reject request for simultaneous use: [pap] User authenticated successfully ++[pap] returns ok +- entering group session {...} ++? if ("%{Realm}" == "xxx.es") expand: %{Realm} -> xxx.es ?? Evaluating ("%{Realm}" == "xxx.es") -> TRUE ++? if ("%{Realm}" == "xxx.es") -> TRUE ++- entering if ("%{Realm}" == "xxx.es") {...} . . . rlm_sql (sql): Reserving sql socket id: 3 rlm_sql (sql): Released sql socket id: 3 +++[sql] returns ok ++- if ("%{Realm}" == "xxx.es") returns ok } # server rinuex Using Post-Auth-Type Reject +- entering group REJECT {...} ++? if (simulcount) ? Evaluating (simulcount) -> TRUE ++? if (simulcount) -> TRUE I need help. Thank you very much and sorry for my english. -- ____________________ Ana Gallardo Gómez ____________________
Hello again, I continue working on this, but I can't find the solution. Can I check the result of simul_count_query? Thank you again ____________________ Ana Gallardo Gómez ____________________
Hello again, I'm working with Freeradius 2.1.8
I'm using session (sql) to control simultaneous use.
I would like to return a special value if an user try to access with credentials in use.
I have it working adding a new attribute to request list whit the result of the simul_count_query, and checking this value later in post_auth section. session { if ("%{Realm}" == "xxx.es") { update request { Num-Open-Session := "%{sql:SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL}" } sql } } post-auth { sql if (fail) { update reply { Codigo-Reject := Imposible-Contactar-Backend } reject } Post-Auth-Type REJECT { if ("%{request:Num-Open-Session}"){ update reply { Codigo-Reject = Sesion-Abierta } } else{ update reply { Codigo-Reject = Credenciales-Erroneas } } I think that this not is the better way to do, but... Thank you very much ____________________ Ana Gallardo Gómez ____________________
participants (1)
-
Ana Gallardo