Simultaneous-Use check not working
DAve
dave.list at pixelhammer.com
Mon Oct 27 19:43:21 CET 2008
tnt at kalik.net wrote:
>> I check for a login using radwho and I
>> see I have a session, I then attempt both a new auth and start
>> accounting again and still radwho shows only one login.
>>
>
> The fact that you have user listed in radwho doesn't mean that he is
> connected to the NAS as well. checkrad script will delete stale entries
> and allow connection if it "finds out" that there is no such session
> on the NAS.
>
> To check if Simultaneous use works from accounting data only:
>
> - change nastype to other in clients.conf
It is "other" both in the localhost client and in the client I created
to test using radiustest.
> - check if radius "thinks that user is online by running
> simul_count_query by hand
I have, it shows 5 sessions for this user.
mysql> SELECT COUNT(*) FROM radacct WHERE UserName='yellowhousejake'
AND AcctStopTime = 0;
+----------+
| COUNT(*) |
+----------+
| 5 |
+----------+
1 row in set (0.00 sec)
> - send Access-Request
Changed Packet-Type to Access-Request, auth is approved.
--------------------10/27/2008 2:26:27 PM Test started
[check_simul]-------------------------
Info:Sending Access-Request of id 0 to 10.0.241.95:1645
User-Name = "yellowhousejake"
User-Password = "marlin"
Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-Compression = Van-Jacobson-TCP-IP
Filter-Id = "std.ppp"
Framed-MTU = 1500
Port-Limit = 1
Idle-Timeout = 600
Session-Timeout = 28800
Total approved auths: 1
Total denied auths: 0
Total lost auths: 0
Total time(secs): 0
Since I am testing with a test client from my laptop, and using radtest
on the radius server (localhost), and using only accounting data to
check for simultaneous use, does checkrad even come into play?
Thanks,
DAve
>
> It should fail. But checkrad script is old and there might be issues with
> some nastypes (for instance Cisco OID might need to be changed for some
> equipment). You might need to fix it for your particular NAS.
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
>
--
I am watching the debate and I am very disappointed. The rules are
simple, "answer the question". I would vote right now, and I can
in Indiana, for the man who answered the question directly, in
less than a minute, and then sat down before the green light was out.
More information about the Freeradius-Users
mailing list