Simultaneos-Use in login for same mac-address

Jean Carlos Oliveira Guandalini jeanguandalini at visaonet.com.br
Fri Jun 6 18:40:09 CEST 2008 

Ivan Kalik escreveu:
> Your NAS is rubbish. It sent stop packet for the first session.
> Freeradius didn't "close" this session - Mikrotik did.
>   
Thank you, I will verify this mikrotik.
> Ivan Kalik
> Kalik Informatika ISP
>
>
> Dana 6/6/2008, "Jean Carlos Oliveira Guandalini"
> <jeanguandalini at visaonet.com.br> piše:
>
>   
>> Ivan Kalik escreveu:
>>     
>>> No. There is no simultaneous login here:
>>>
>>> session1:
>>>
>>> start: 11:08:45
>>> stop: 11:08:46
>>>
>>> session2:
>>>
>>> start: 11:08:49
>>>   
>>>       
>> but the session1 not ended, it closed at freeradius when the second 
>> session trying to connect. In my "NAS(Mikrotik)" there are two 
>> connections, with different ip address.
>>
>> Thanks
>>
>>     
>>> Ivan Kalik
>>> Kalik Informatika ISP
>>>
>>>
>>> Dana 6/6/2008, "Jean Carlos Oliveira Guandalini"
>>> <jeanguandalini at visaonet.com.br> piše:
>>>
>>>   
>>>       
>>>> Hello,
>>>>
>>>> we have a problem of mac-address clone, and we use the Simultaneous-Use: 
>>>> = 1 option to not allow double login, but when this is a case of the 
>>>> clone mac-address the freeradius allows the connection.
>>>>
>>>> Log of sql.trace:
>>>> INSERT into radpostauth (id, user, pass, reply, date) values ('', 
>>>> 'userlogin', '290476', 'Access-Accept', NOW());
>>>> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
>>>> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
>>>> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
>>>> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
>>>> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
>>>> AcctStartDelay, AcctStopDelay) values('81b00935', 'bcc93b20ea389f59', 
>>>> 'userlogin', '', '10.0.6.10', '2447', 'Ethernet', '2008-06-06 11:08:45', 
>>>> '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
>>>> '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
>>>> UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46', AcctSessionTime 
>>>> = '0', AcctInputOctets = '0', AcctOutputOctets = '0', AcctTerminateCause 
>>>> = '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = 
>>>> '81b00935' AND UserName = 'userlogin' AND NASIPAddress = '10.0.6.10';
>>>> INSERT into radpostauth (id, user, pass, reply, date) values ('', 
>>>> 'userlogin', '290476', 'Access-Accept', NOW());
>>>> INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, 
>>>> NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, 
>>>> AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, 
>>>> AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, 
>>>> AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, 
>>>> AcctStartDelay, AcctStopDelay) values('81b00936', '3f7c1d06dbd205d4', 
>>>> 'userlogin', '', '10.0.6.10', '2448', 'Ethernet', '2008-06-06 11:08:49', 
>>>> '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', 
>>>> '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
>>>>
>>>>
>>>> Queries in sql.conf:
>>>> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE 
>>>> UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
>>>> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, 
>>>> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, 
>>>> FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND 
>>>> AcctStopTime = 0"
>>>>
>>>>
>>>> despite the mac-address to match are two different users, and the second 
>>>> to connect without first disconnecting was before.
>>>> Is there any possibliidade to block it?
>>>>
>>>>
>>>> Thanks
>>>>
>>>> Sorry for my english (By Google Tradutor)
>>>>
>>>> -- 
>>>> Jean Carlos Oliveira Guandalini
>>>> Dep. de Redes e Infra-estrutura
>>>> VisăoNet Tecnologia e Telecomunicaçőes
>>>> 0800-643-5025
>>>>
>>>> -
>>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml
>>>>
>>>>
>>>>     
>>>>         
>>> -
>>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>>
>>>
>>>   
>>>       
>> -- 
>> Jean Carlos Oliveira Guandalini
>> Dep. de Redes e Infra-estrutura
>> Visa~oNet Tecnologia e Telecomunicaço~es
>> 0800-643-5025
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>>
>>
>>     
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
>   


-- 
Jean Carlos Oliveira Guandalini
Dep. de Redes e Infra-estrutura
Visa~oNet Tecnologia e Telecomunicaço~es
0800-643-5025

More information about the Freeradius-Users mailing list