FreeRadius V2.0.0 Simultaneous-Use Problems
Dryw Paulic
DPaulic at tranzeo.com
Mon Jan 21 20:19:06 CET 2008
Hello Everyone,
On Freeradius Version 2.0.0, I have an issue with Simultaneous-Use.
Multiple logins are being caught, but the issue seems to be that the
checks seem to be catching much more than they should be. In particular,
I was looking at this user:
mysql> select * from radgroupcheck;
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute | op | Value |
+----+-----------+------------------+----+-------+
| 1 | dynamic | Auth-Type | == | Local |
| 2 | static | Auth-Type | == | Local |
| 8 | static | Simultaneous-Use | := | 1 |
| 7 | dynamic | Simultaneous-Use | := | 1 |
+----+-----------+------------------+----+-------+
4 rows in set (0.00 sec)
mysql> select * from radusergroup where username='Kat';
+----------+-----------+----------+
| UserName | GroupName | priority |
+----------+-----------+----------+
| Kat | static | 1 |
+----------+-----------+----------+
1 row in set (0.00 sec)
mysql> select * from radcheck where username='Kat';
+------+----------+------------+----+----------------------+
| id | UserName | Attribute | op | Value |
+------+----------+------------+----+----------------------+
| 4946 | Kat | Password | == |testing123 |
| 4947 | Kat | expiration | := | 15 Feb 2008 15:01:32 |
+------+----------+------------+----+----------------------+
2 rows in set (0.00 sec)
I took a look at the SQL Queries used by freeradius to check the logins
and decided to run them manually on my sql database:
mysql> SELECT COUNT(*) FROM radacct WHERE username = 'Kat' AND
acctstoptime = 0;
+----------+
| COUNT(*) |
+----------+
| 16 |
+----------+
1 row in set (0.00 sec)
But if I run:
mysql> select * from radacct where username ='Kat' \G;
*************************** 26. row ***************************
radacctid: 1789
acctsessionid: 00:0E:0C:2D:18:56:12008736891000
acctuniqueid: 9d581ecac1736df4
username: kat
groupname:
realm:
nasipaddress: ###.###.###.###
nasportid:
nasporttype: Wireless-802.11
acctstarttime: 2008-01-20 23:22:02
acctstoptime: 2008-01-20 23:22:02
acctsessiontime: 1322
acctauthentic: RADIUS
connectinfo_start:
connectinfo_stop:
acctinputoctets: 425841
acctoutputoctets: 170623
calledstationid: 00:0E:0C:2D:18:56
callingstationid: 00:13:e8:6a:e1:cf
acctterminatecause: Admin-Reset
servicetype:
framedprotocol:
framedipaddress: 10.51.2.56
acctstartdelay: 0
acctstopdelay: 0
xascendsessionsvrkey: NULL
26 rows in set (0.00 sec)
You can see from the last row returned that they are indeed logged out.
But attempts to login are futile as radpostauth shows:
+------+------+--------+---------------+--------------------------+
| id | user | pass | reply | date |
+------+------+--------+---------------+--------------------------+
| 97264 | Kat | testing123 | Access-Reject | 2008-01-21 09:40:50 |
+------+------+--------+---------------+--------------------------+
The problem is, if you try to log this person in the server saying that
they are already logged in, because the simul_count_query is picking up
*ALL* rows which have accountstoptime = 0. This is an problem because
all the accounting records are kept in the same place as the start and
stop records, which means that there will always be records with an
acctstoptime=0 in that table. Am I doing anything wrong here? Any tips
on how to fix this problem would be much appreciated.
Thanks in Advance!
Regards,
Dryw Paulic
More information about the Freeradius-Users
mailing list