Simultaneous-Use check not working
DAve
dave.list at pixelhammer.com
Mon Oct 27 22:24:34 CET 2008
Marcelus Trojahn wrote:
> Are you telling the radius to check for Simultaneous-Use := 1 anywhere?
>
> Even if you have the SQL for simultaneous use uncommented, you still
> have to configure Simultaneous-Use := 1 to that specific user or
> group, otherwise it will just ignore the SQL...
>
> I also use SQL for my authentication but on the /etc/raddb/users file,
> I added the following to force every login to match it:
>
> DEFAULT Simultaneous-Use := 1
>         Fall-Through = Yes
>
> Try adding that to that file, or adding one of those for every user or
> group you have in your SQL database. The users file is easier to debug
> later IMO...

Hmmm, the previous ICR install has only Simultaneous-Use = 2 for the
group allowed SU.

Do I need to set Simultaneous-Use := 1 for the groups not allowed SU,
and Simultaneous-Use := 2 for the group allowed SU?

DAve

>
> --
> Marcelus Trojahn
> I-Conecta Redes de Telecomunicação Ltda
>
>
> On Mon, Oct 27, 2008 at 1:46 PM, DAve <dave.list at pixelhammer.com> wrote:
>> Good afternoon,
>>
>> I have inherited an aged ICRadius install and I am in the process of
>> converting to FreeRadius 1.1.7. Currently I have a master DB on our
>> Management server replicating to two radius servers. Each radius server
>> has a unique sql instance to send accounting data to the master DB.
>> Everything is working, the DB conversion from ICRadius to FreeRadius
>> went fine.
>>
>> In testing the only issue I have found is I am unable to stop
>> Simultaneous use. I read the docs carefully, checked the Wiki, and I
>> believe I have everything configured properly. Using RadiusTest 2.4.3
>> and radwho I see the following. I check for a login using radwho and I
>> see I have a session, I then attempt both a new auth and start
>> accounting again and still radwho shows only one login.
>>
>> [root@radius1 /usr/local/etc/raddb]# radwho
>> Login      Name             What  TTY  When      From       Location
>> yellowhous yellowhousejake  shell S1   Mon 11:35 192.168.4  192.168.0.1
>>
>> --------------------10/27/2008 11:55:13 AM Test started [check newrad1]-------------------------
>> Info:Sending Access-Request of id 0 to 10.0.241.95:1645
>> Password = "marlin"
>> User-Name = "yellowhousejake"
>> Framed-IP-Address = 192.168.0.1
>> Acct-Session-Id = "201"
>> Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
>> Service-Type = Framed-User
>> Framed-Protocol = PPP
>> Framed-IP-Address = 255.255.255.254
>> Framed-IP-Netmask = 255.255.255.255
>> Framed-Routing = None
>> Framed-Compression = Van-Jacobson-TCP-IP
>> Filter-Id = "std.ppp"
>> Framed-MTU = 1500
>> Port-Limit = 1
>> Idle-Timeout = 600
>> Session-Timeout = 28800
>>
>> Total approved auths: 1
>> Total denied auths: 0
>> Total lost auths: 0
>> Total time(secs): 0
>> --------------------10/27/2008 11:55:13 AM Test finished [check newrad1]-------------------------
>>
>>
>> --------------------10/27/2008 11:55:40 AM Test started [start acct]-------------------------
>> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
>> User-Name = "yellowhousejake"
>> Acct-Session-Id = "201"
>> Acct-Status-Type = Start
>> NAS-Port = 1
>> Framed-IP-Address = 192.168.0.1
>> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
>> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
>> User-Name = "yellowhousejake"
>> Acct-Session-Id = "201"
>> Acct-Status-Type = Alive
>> NAS-Port = 1
>> Framed-IP-Address = 192.168.0.1
>> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>>
>> Total approved auths: 2
>> Total denied auths: 0
>> Total lost auths: 0
>> Total time(secs): 0
>> --------------------10/27/2008 11:55:40 AM Test finished [start acct]-------------------------
>>
>> --------------------10/27/2008 11:55:40 AM Test started [start acct]-------------------------
>> Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
>> User-Name = "yellowhousejake"
>> Acct-Session-Id = "201"
>> Acct-Status-Type = Start
>> NAS-Port = 1
>> Framed-IP-Address = 192.168.0.1
>> Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
>> Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
>> User-Name = "yellowhousejake"
>> Acct-Session-Id = "201"
>> Acct-Status-Type = Alive
>> NAS-Port = 1
>> Framed-IP-Address = 192.168.0.1
>> Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
>>
>> Total approved auths: 2
>> Total denied auths: 0
>> Total lost auths: 0
>> Total time(secs): 0
>> --------------------10/27/2008 11:55:40 AM Test finished [start acct]-------------------------
>>
>> [root@radius1 /usr/local/etc/raddb]# radwho
>> Login      Name             What  TTY  When      From       Location
>> yellowhous yellowhousejake  shell S1   Mon 11:55 192.168.4  192.168.0.1
>>
>> Here are the parts of my conf I believe I need to check for simultaneous
>> use.
>>
>> ## radiusd.conf
>> radutmp {
>>         filename = ${logdir}/radutmp
>>         username = %{User-Name}
>>         case_sensitive = yes
>>         check_with_nas = no
>>         callerid = "yes"
>> }
>>
>>
>> accounting {
>>         radutmp
>> ##      sradutmp
>>         sql_acct
>> }
>>
>> session {
>>         radutmp
>>         sql_acct
>> }
>>
>> ## sql.conf
>> # Uncomment simul_count_query to enable simultaneous use checking
>> simul_count_query = "SELECT COUNT(*) \
>>         FROM ${acct_table1} \
>>         WHERE UserName='%{SQL-User-Name}' \
>>         AND AcctStopTime = 0"
>>
>>
>> Note I enabled radutmp after sql was failing to stop the second login. I
>> am certain I have missed something simple but I am unable to find it.
>> Any help, cluesmacks, etc are appreciated.
>>
>> DAve
>>
>>
>> --
>> I am watching the debate and I am very disappointed. The rules are
>> simple, "answer the question". I would vote right now, and I can
>> in Indiana, for the man who answered the question directly, in
>> less than a minute, and then sat down before the green light was out.
>>
--
I am watching the debate and I am very disappointed. The rules are
simple, "answer the question". I would vote right now, and I can
in Indiana, for the man who answered the question directly, in
less than a minute, and then sat down before the green light was out.
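
An added sketch (not part of the thread and not FreeRADIUS code) of the decision the reply describes: the open-session count is compared against a limit only when a Simultaneous-Use check item exists for the user. The sqlite3 table, the sample rows and the function names are constructed for illustration.

```python
import sqlite3

# Constructed accounting rows: one open session (AcctStopTime = 0) for the
# test user from the thread, and one already-closed session for another user.
SAMPLE_ROWS = [
    ("yellowhousejake", "201", 0),
    ("otheruser", "305", 1225104000),
]

def open_db(rows=SAMPLE_ROWS):
    """Build an in-memory stand-in for the accounting table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct "
        "(UserName TEXT, AcctSessionId TEXT, AcctStopTime INTEGER)"
    )
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db

def open_sessions(db, user):
    """Same shape as simul_count_query, with the user name bound as a parameter."""
    row = db.execute(
        "SELECT COUNT(*) FROM radacct WHERE UserName = ? AND AcctStopTime = 0",
        (user,),
    ).fetchone()
    return row[0]

def simul_check(db, user, check_items):
    """Return (decision, reason) for a new Access-Request (simplified model)."""
    limit = check_items.get("Simultaneous-Use")
    if limit is None:
        # No check item for this user or group: the count is never consulted.
        return ("accept", "no Simultaneous-Use check item, session check skipped")
    count = open_sessions(db, user)
    if count >= limit:
        return ("reject", f"{count} open session(s), limit {limit}")
    return ("accept", f"{count} open session(s), limit {limit}")

if __name__ == "__main__":
    db = open_db()
    for items in ({}, {"Simultaneous-Use": 1}, {"Simultaneous-Use": 2}):
        print(items, "->", simul_check(db, "yellowhousejake", items))
```
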