simultaneous use, checkrad, and MPP attempts

Christopher Carver ccarver at pennswoods.net
Wed Nov 9 06:35:02 CET 2005


Hello,

Thanks everyone for the great product that I've relying on for the past 
several years.  I am now seeing a problem I hope someone can help with.

I'm using Freeradius-0.9.3 on FreeBSD 5.2.1-REALEASE.  We have 
Freeradius doing strictly dialup authentication.  Some of the NAS's 
querying the radius server are our equipment.  Some of the NAS's are 
equipment we lease from another company and have no access to.  We have 
been successfully using simultaneous checking while using all of our own 
equipment.  However, since leasing equipment we have been getting the 
following entries in radius.log:

Tue Nov  8 23:26:09 2005 : Auth: Multiple logins (max 1) [MPP attempt]: 
[user1] (from client pa-230-radius0 port 2287 cli async)
Tue Nov  8 23:27:17 2005 : Auth: Multiple logins (max 1) [MPP attempt]: 
[user2] (from client pa-230-radius0 port 2703 cli async)
Tue Nov  8 23:32:38 2005 : Auth: Multiple logins (max 1) [MPP attempt]: 
[user3] (from client pa-230-radius0 port 3699 cli async)

The proxy'ing radius servers and NAS's of the other company from whom we 
lease equipment are unavailable to checkrad.  By default shouldn't it be 
allowing these people on?  I looked at the code and it seemed as though 
it should.  I set the nastype to other in clients.conf for these entries 
and I still see MPP attempts.  Finally, I looked at the source of 
checkrad.  I modified the line for "other" nastypes to always return 0, 
which should be interpreted as no multiple login.  The numbers you see 
to the left are line numbers:

1351 } elsif ($ARGV[0] eq 'other') {
1352         $ret = 0;
1353 } else {

Any idea why this isn't behaving how I expect?  Is there a more 
appropriate way I can ensure that users connecting via NAS's and 
proxy'ing radius servers we lease will never be rejected because of 
multiple logins?  And what is the difference between MPP attempt and 
regular multiple login?

Thank you very much for your time.

Chris Carver



More information about the Freeradius-Users mailing list