Simultaneous-Use check not working

DAve dave.list at pixelhammer.com
Mon Oct 27 19:43:21 CET 2008 

tnt at kalik.net wrote:
>> I check for a login using radwho and I
>> see I have a session, I then attempt both a new auth and start
>> accounting again and still radwho shows only one login.
>>
> 
> The fact that you have user listed in radwho doesn't mean that he is
> connected to the NAS as well. checkrad script will delete stale entries
> and allow connection if it "finds out" that there is no such session
> on the NAS.
> 
> To check if Simultaneous use works from accounting data only:
> 
> - change nastype to other in clients.conf

It is "other" both in the localhost client and in the client I created 
to test using radiustest.

> - check if radius "thinks that user is online by running
> simul_count_query by hand

I have, it shows 5 sessions for this user.

mysql> SELECT COUNT(*)  FROM radacct WHERE UserName='yellowhousejake' 
AND AcctStopTime = 0;
+----------+
| COUNT(*) |
+----------+
|        5 |
+----------+
1 row in set (0.00 sec)

> - send Access-Request

Changed Packet-Type to Access-Request, auth is approved.

--------------------10/27/2008 2:26:27 PM Test started 
[check_simul]-------------------------
Info:Sending Access-Request of id 0 to 10.0.241.95:1645
	User-Name = "yellowhousejake"
	User-Password = "marlin"
Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
	Service-Type = Framed-User
	Framed-Protocol = PPP
	Framed-IP-Address = 255.255.255.254
	Framed-IP-Netmask = 255.255.255.255
	Framed-Routing = None
	Framed-Compression = Van-Jacobson-TCP-IP
	Filter-Id = "std.ppp"
	Framed-MTU = 1500
	Port-Limit = 1
	Idle-Timeout = 600
	Session-Timeout = 28800

	   Total approved auths:  1
	     Total denied auths:  0
	       Total lost auths:  0
	       Total time(secs):  0

Since I am testing with a test client from my laptop, and using radtest 
on the radius server (localhost), and using only accounting data to 
check for simultaneous use, does checkrad even come into play?

Thanks,

DAve
> 
> It should fail. But checkrad script is old and there might be issues with
> some nastypes (for instance Cisco OID might need to be changed for some
> equipment). You might need to fix it for your particular NAS.
> 
> Ivan Kalik
> Kalik Informatika ISP
> 
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> 
> 


-- 
I am watching the debate and I am very disappointed. The rules are
simple, "answer the question". I would vote right now, and I can
in Indiana, for the man who answered the question directly, in
less than a minute, and then sat down before the green light was out.

More information about the Freeradius-Users mailing list