Simultaneous user check

Muhammad Usman muhd.usman87 at gmail.com
Tue Apr 22 09:14:14 CEST 2014 

Dear Alan,
Thanks for your reply.. I have uncommented "sql" in session section of
"/etc/raddb/sites-enabled/default"
Problem I am facing is that radius is not calling the simultaneous use
queries during auth time.

When I start radius process, it displays the queries in logs as well,

connect_failure_retry_delay = 60
        simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
        simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"


I have also executed this statement
INSERT INTO radgroupcheck (GroupName, Attribute, op, Value)
values("dialup", "Simultaneous-Use", ":=", "1");

I have also set nastype = other in clients.conf.. but its not calling the
simultaneous check query while the customer tries to authenticate. Please
suggest



# Executing section preacct from file /etc/raddb/sites-enabled/default
+- entering group preacct {...}
++[preprocess] returns ok
[acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
192.168.6.144,NAS-IP-Address = 10.233.184.1,Acct-Session-Id =
"5356150300000001",User-Name = "muhd.usman at hotmail.com"'
[acct_unique] Acct-Unique-Session-ID = "6660f7aa52e1b7a4".
++[acct_unique] returns ok
[suffix] Looking up realm "hotmail.com" for User-Name = "
muhd.usman at hotmail.com"
[suffix] No such realm "hotmail.com"
++[suffix] returns noop
++[files] returns noop
# Executing section accounting from file /etc/raddb/sites-enabled/default
+- entering group accounting {...}
[detail]        expand: %{Packet-Src-IP-Address} -> 192.168.6.144
[detail]        expand:
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
-> /var/log/radius/radacct/192.168.6.144/detail-20140422
[detail]
/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
expands to /var/log/radius/radacct/192.168.6.144/detail-20140422
[detail]        expand: %t -> Tue Apr 22 12:09:27 2014
++[detail] returns ok
++[unix] returns ok
[radutmp]       expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
[radutmp]       expand: %{User-Name} -> muhd.usman at hotmail.com
++[radutmp] returns ok
[sql]   expand: %{User-Name} -> muhd.usman at hotmail.com
[sql] sql_set_user escaped user --> 'muhd.usman at hotmail.com'
[sql]   expand: INSERT into radacct (AcctStatusType, UserName,
AcctInputOctets, AcctOutputOctets, AcctInputPackets, AcctOutputPackets,
AcctSessionTime,  AcctTerminateCause, AcctSessionId, FramedIPAddress,
CallingStationId, CalledStationId, NASIPAddress, NASIDENTIFIER,
WISPrLocationID, WISPrLocationName)  VALUES('%{Acct-Status-Type}',
'%{User-Name}',0, 0, 0, 0 ,0, '%{Acct-Terminate-Cause}',
'%{Acct-Session-Id}', '%{Framed-IP-Address}','%{Calling-Station-Id}',
'%{Called-Station-Id}', '%{NAS-IP-Address}', '%{NAS-Identifier}',
'%{WISPr-Location-ID}', '%{WISPr-Location-Name}') -> INSERT into radacct
(AcctStatusType, UserName, AcctInputOctets, AcctOutputOctets,
AcctInputPackets, AcctOutputPackets, AcctSessionTime,  AcctTerminateCause,
AcctSessionId, FramedIPAddress, CallingStationId, CalledStationId,
NASIPAddress, NASIDENTIFIER, WISPrLocationID, WISPrLocationName)
 VALUES('Start', 'muhd.usman at hotmail.com',0, 0, 0, 0 ,0, '',
'5356150300000001', '10.233.184.2','00-21-6A-1E-C2-A2',
'70-72-CF-25-D8-9E', '10.233.184.1',
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_postgresql: Status: PGRES_COMMAND_OK
rlm_sql_postgresql: query affected rows = 1
rlm_sql (sql): Released sql socket id: 3
++[sql] returns ok



Thanks


On Sat, Apr 19, 2014 at 5:37 PM, Alan DeKok <aland at deployingradius.com>wrote:

> Muhammad Usman wrote:
> > I want to enable check that multiple sessions of same users donnot exist
> > at parallel, I have enabled the two simultaneous check queries in
> > dialup.conf.
>
>   That's useful, but not enough.  See doc/Simultaneous-Use.
>
> > Can some body suggest me what changes are required to bring that
> > configuration in practise, as currently multiple users can login with
> > same credentials, radius is not calling simultaneous check queries while
> > authenticating user.
>
>   You need to be sure that the NAS is sending accounting packets, that
> they're being stored in SQL, and that you have the "session" section
> configured correctly in raddb/sites-enabled/default
>
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140422/1f21a40e/attachment.html>

More information about the Freeradius-Users mailing list