Simultaneous login Issue on Freeradius

Praveen Kumar devownlinux at gmail.com
Fri Sep 5 14:02:58 CEST 2008


Hi Alan,

LDAP does provide the centralized authentication, but the simultaneous login
cannot be restricted to 1.

But I have seen in the FreeRADIUS features that the simultaneous login can
be restricted.
http://freeradius.org/features.html

If I do this in the /etc/raddb/users file

DEFAULT Auth-Type := LDAP, Simultaneous-Use := 1
               Fall-Through = 1

Will this restrict the simultaneous login?


I am trying to configure the FreeRADIUS server on my Linux machine and test
it with pam_radius, with the /etc/raddb/server file pointing to
localhost. It is not able to authenticate and shows
Auth: login incorrect (rlm_ldap: Bind as user failed): [root/r1.\341\362...]
(from client localhost port 2616)

But when I try to test the radius server using the command

radtest root root localhost 2 secret

it gives -- rad_recv: Access-Access packet from host 127.0.0.1:1812,
id=120, length=20


I feel the password it provides, like r1.\341\362..., may be in some
encrypted form which is not authenticated by the server, while with radtest the
password root is given as clear text.

Could you please tell me something to solve this, so that I can use the
pam_radius module to authenticate the username/password when I log in to the
machine?

Regards



On 9/4/08, Alan DeKok <aland at deployingradius.com> wrote:
>
> Praveen Kumar wrote:
> > I am a newbie for FreeRadius. I need some information on freeradius
> > regarding my requirement for authentication and session control.
>
> I don't think RADIUS can do that.  I'm not even sure LDAP can do that.
>
> > 3 Once authenticated, the user should be allowed the single-sign on.
>
> Single sign on?
>
> > 4 The session for that user should be restricted to one in simultaneous
> > login, i.e. the user who is already logged in should not be allowed to
> > log in to another machine in the network.
>
> This involves tracking things centrally.  You'll need to write custom
> scripts to track this.
>
> And how will you tell when the user logs off?
>
> > 5 The machine should not allow any user to log in by using the local login
> > setting (/etc/passwd), i.e. the machine should be connected to the
> > network or Internet for login.
>
> Hmm...  That doesn't sound right.
>
> Alan DeKok.