Simultaneous-Use check not working
Marcelus Trojahn
trojahn at i-next.psi.br
Mon Oct 27 21:32:25 CET 2008
Are you telling the radius to check for Simultaneous-Use := 1 anywhere?
Even if you have the SQL for simultaneous use uncommented, you still
have to configure Simultaneous-Use := 1 to that specific user or
group, otherwise it will just ignore the SQL...
I also use SQL for my authentication but on the /etc/raddb/users file,
I added the following to force every login to match it:
DEFAULT Simultaneous-Use := 1
Fall-Through = Yes
Try adding that to that file or to add one of that for every user or
group you have in your SQL database. The users file is easier to debug
later IMO...
--
Marcelus Trojahn
I-Conecta Redes de Telecomunicação Ltda
On Mon, Oct 27, 2008 at 1:46 PM, DAve <dave.list at pixelhammer.com> wrote:
> Good afternoon,
>
> I have inherited an aged ICRadius install and I am in process of
> converting to FreeRadius 1.1.7. Currently I have a master DB on our
> Management server replicating to two radius servers. Each radius server
> has a unique sql instance to send accounting data to the master DB.
> Everything is working, the DB conversion from ICRadius to FreeRadius
> went fine.
>
> In testing the only issue I have found is I am unable to stop
> Simultaneous use. I read the docs carefully, checked the Wiki, and I
> believe I have everything configured properly. Using RadiusTest 2.4.3
> and radwho I see the following. I check for a login using radwho and I
> see I have a session, I then attempt both a new auth and start
> accounting again and still radwho shows only one login.
>
> [root at radius1 /usr/local/etc/raddb]# radwho
> Login Name What TTY When From Location
> yellowhous yellowhousejake shell S1 Mon 11:35 192.168.4 192.168.0.1
>
> --------------------10/27/2008 11:55:13 AM Test started [check
> newrad1]-------------------------
> Info:Sending Access-Request of id 0 to 10.0.241.95:1645
> Password = "marlin"
> User-Name = "yellowhousejake"
> Framed-IP-Address = 192.168.0.1
> Acct-Session-Id = "201"
> Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
> Service-Type = Framed-User
> Framed-Protocol = PPP
> Framed-IP-Address = 255.255.255.254
> Framed-IP-Netmask = 255.255.255.255
> Framed-Routing = None
> Framed-Compression = Van-Jacobson-TCP-IP
> Filter-Id = "std.ppp"
> Framed-MTU = 1500
> Port-Limit = 1
> Idle-Timeout = 600
> Session-Timeout = 28800
>
> Total approved auths: 1
> Total denied auths: 0
> Total lost auths: 0
> Total time(secs): 0
> --------------------10/27/2008 11:55:13 AM Test finished [check
> newrad1]-------------------------
>
>
> --------------------10/27/2008 11:55:40 AM Test started [start
> acct]-------------------------
> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
> User-Name = "yellowhousejake"
> Acct-Session-Id = "201"
> Acct-Status-Type = Start
> NAS-Port = 1
> Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
> User-Name = "yellowhousejake"
> Acct-Session-Id = "201"
> Acct-Status-Type = Alive
> NAS-Port = 1
> Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>
> Total approved auths: 2
> Total denied auths: 0
> Total lost auths: 0
> Total time(secs): 0
> --------------------10/27/2008 11:55:40 AM Test finished [start
> acct]-------------------------
>
> --------------------10/27/2008 11:55:40 AM Test started [start
> acct]-------------------------
> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
> User-Name = "yellowhousejake"
> Acct-Session-Id = "201"
> Acct-Status-Type = Start
> NAS-Port = 1
> Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
> User-Name = "yellowhousejake"
> Acct-Session-Id = "201"
> Acct-Status-Type = Alive
> NAS-Port = 1
> Framed-IP-Address = 192.168.0.1
> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>
> Total approved auths: 2
> Total denied auths: 0
> Total lost auths: 0
> Total time(secs): 0
> --------------------10/27/2008 11:55:40 AM Test finished [start
> acct]-------------------------
>
> [root at radius1 /usr/local/etc/raddb]# radwho
> Login Name What TTY When From Location
> yellowhous yellowhousejake shell S1 Mon 11:55 192.168.4 192.168.0.1
>
> Here are the parts of my conf I believe I need to check for simultaneous
> use.
>
> ## radiusd.conf
> radutmp {
> filename = ${logdir}/radutmp
> username = %{User-Name}
> case_sensitive = yes
> check_with_nas = no
> callerid = "yes"
> }
>
>
> accounting {
> radutmp
> ## sradutmp
> sql_acct
> }
>
> session {
> radutmp
> sql_acct
> }
>
> ## sql.conf
> # Uncomment simul_count_query to enable simultaneous use checking
> simul_count_query = "SELECT COUNT(*) \
> FROM ${acct_table1} \
> WHERE UserName='%{SQL-User-Name}' \
> AND AcctStopTime = 0"
>
>
> Note I enabled radutmp after sql was failing to stop the second login. I
> am certain I have missed something simple but I am unable to find it.
> Any help, cluesmacks, etc are appreciated.
>
> DAve
>
>
> --
> I am watching the debate and I am very disappointed. The rules are
> simple, "answer the question". I would vote right now, and I can
> in Indiana, for the man who answered the question directly, in
> less than a minute, and then sat down before the green light was out.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list