checkrad problem solved & get solution

satish patel linuxtrap at yahoo.co.in
Thu Mar 15 15:59:42 CET 2007 

Dear guys

           I have solve the problem of checkrad for simultenous login i have face many problem first time but finaly i got solution and i have modifiy my script for my nas

i have freeradius-1.1.0 with MSSQL2000 with cisco 3700 NAS 

i want to share my solution with all freeradius guys those are faceing this problem 

I am useing checkrad with SNMP and i have change some thing in my script.   checkrad script take input from radius when  user try  for login  like

suse:/ # checkrad
Usage: checkrad nas_type nas_ip nas_port login session_id
suse:/ #

checkrad  get input  nas_type from client.conf   nas_type and nas_ip 
then user name and port take from login time whn user try for login ...

but i dont user port and id_session caz my cisco nas MIB not support port and session thats why i am useing only login name first check manualy through this  method

#checkrad -d cisco 71.5.250.199 43 satish 0004F09
return 0 ( Login OK )

this script just run snmpwalk command and fetch user all user name and gerp specific name which is store in login name veriable in per script ( checkrad ) and compare against of snmpwalk out put if user match then give u error code 1 ( dobule 1 Login ) this is the login of script 

***** Just change in this line of perl script and test your login 

Note :- i am useing cisco nas type so the perl excute cisco_snmp subrutine so  please find this code in cisco_snmp subrutine


this is testing perpose after testing replave $login = satish; with this line
my $login = $ARGV[3];


________________my change in checkrad.pl________________

$login = satish;
        if($login eq $ARGV[3]) {
                return 1;
        }else{
                $out=snmpwalk($ARGV[1],$pass,"1.3.6.1.4.1.9.10.24.1.3.2.1.2.3.45");
                if($out=~/\"$ARGV[3]\"/){
                        return 1;
                }else{
                        return 0;

you can see the login here  $login store satish veriable then this script check $ARGV[3]  veriable this veriable we can get on login time whn will try to satish login  then  snmpwalk  run this command with  MIB now point  is you have to find MIB for online users u can find mib through the software or something else i have also find MIB and put it there with snmpwalk command then second
   if($out=~/\"$ARGV[3]\"/){  this will check user if it get in snmpwalk out put then  u got doble login error if not match the u got single login means no one login this time with user name satish ......


and put Simultenouse-use := 1 attributes in user file 

my entry is 

satish  Auth-Type := Local, User-Password == "testing", Simultaneous-Use := 1
        Service-Type = Framed-user,
        Framed-Protocal = PPP,
        Fall-Through = Yes



 
Contact : -
me if you have any problem regarding Simultenouse login problem 


.

$ cat ~/satish/url.txt

System administrator ( Data Center )

please visit this site

http://linux.tulipit.com   
 				
---------------------------------
 Here’s a new way to find what you're looking for - Yahoo! Answers 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070315/267029e2/attachment.html>

More information about the Freeradius-Users mailing list