Simultaneous user check
Muhammad Usman
muhd.usman87 at gmail.com
Wed Apr 23 12:11:37 CEST 2014
Any ideas on this...
On Tue, Apr 22, 2014 at 12:14 PM, Muhammad Usman <muhd.usman87 at gmail.com>wrote:
> Dear Alan,
> Thanks for your reply.. I have uncommented "sql" in session section of
> "/etc/raddb/sites-enabled/default"
> Problem I am facing is that radius is not calling the simultaneous use
> queries during auth time.
>
> When I start radius process, it displays the queries in logs as well,
>
> connect_failure_retry_delay = 60
> simul_count_query = "SELECT COUNT(*) FROM radacct WHERE
> UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol
> FROM radacct WHERE UserName='%{SQL-User-Name}' AND AcctStopTime IS NULL"
>
>
> I have also executed this statement
> INSERT INTO radgroupcheck (GroupName, Attribute, op, Value)
> values("dialup", "Simultaneous-Use", ":=", "1");
>
> I have also set nastype = other in clients.conf.. but its not calling the
> simultaneous check query while the customer tries to authenticate. Please
> suggest
>
>
>
> # Executing section preacct from file /etc/raddb/sites-enabled/default
> +- entering group preacct {...}
> ++[preprocess] returns ok
> [acct_unique] Hashing 'NAS-Port = 1,Client-IP-Address =
> 192.168.6.144,NAS-IP-Address = 10.233.184.1,Acct-Session-Id =
> "5356150300000001",User-Name = "muhd.usman at hotmail.com"'
> [acct_unique] Acct-Unique-Session-ID = "6660f7aa52e1b7a4".
> ++[acct_unique] returns ok
> [suffix] Looking up realm "hotmail.com" for User-Name = "
> muhd.usman at hotmail.com"
> [suffix] No such realm "hotmail.com"
> ++[suffix] returns noop
> ++[files] returns noop
> # Executing section accounting from file /etc/raddb/sites-enabled/default
> +- entering group accounting {...}
> [detail] expand: %{Packet-Src-IP-Address} -> 192.168.6.144
> [detail] expand:
> /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> -> /var/log/radius/radacct/192.168.6.144/detail-20140422
> [detail]
> /var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/detail-%Y%m%d
> expands to /var/log/radius/radacct/192.168.6.144/detail-20140422
> [detail] expand: %t -> Tue Apr 22 12:09:27 2014
> ++[detail] returns ok
> ++[unix] returns ok
> [radutmp] expand: /var/log/radius/radutmp -> /var/log/radius/radutmp
> [radutmp] expand: %{User-Name} -> muhd.usman at hotmail.com
> ++[radutmp] returns ok
> [sql] expand: %{User-Name} -> muhd.usman at hotmail.com
> [sql] sql_set_user escaped user --> 'muhd.usman at hotmail.com'
> [sql] expand: INSERT into radacct (AcctStatusType, UserName,
> AcctInputOctets, AcctOutputOctets, AcctInputPackets, AcctOutputPackets,
> AcctSessionTime, AcctTerminateCause, AcctSessionId, FramedIPAddress,
> CallingStationId, CalledStationId, NASIPAddress, NASIDENTIFIER,
> WISPrLocationID, WISPrLocationName) VALUES('%{Acct-Status-Type}',
> '%{User-Name}',0, 0, 0, 0 ,0, '%{Acct-Terminate-Cause}',
> '%{Acct-Session-Id}', '%{Framed-IP-Address}','%{Calling-Station-Id}',
> '%{Called-Station-Id}', '%{NAS-IP-Address}', '%{NAS-Identifier}',
> '%{WISPr-Location-ID}', '%{WISPr-Location-Name}') -> INSERT into radacct
> (AcctStatusType, UserName, AcctInputOctets, AcctOutputOctets,
> AcctInputPackets, AcctOutputPackets, AcctSessionTime, AcctTerminateCause,
> AcctSessionId, FramedIPAddress, CallingStationId, CalledStationId,
> NASIPAddress, NASIDENTIFIER, WISPrLocationID, WISPrLocationName)
> VALUES('Start', 'muhd.usman at hotmail.com',0, 0, 0, 0 ,0, '',
> '5356150300000001', '10.233.184.2','00-21-6A-1E-C2-A2',
> '70-72-CF-25-D8-9E', '10.233.184.1',
> rlm_sql (sql): Reserving sql socket id: 3
> rlm_sql_postgresql: Status: PGRES_COMMAND_OK
> rlm_sql_postgresql: query affected rows = 1
> rlm_sql (sql): Released sql socket id: 3
> ++[sql] returns ok
>
>
>
> Thanks
>
>
> On Sat, Apr 19, 2014 at 5:37 PM, Alan DeKok <aland at deployingradius.com>wrote:
>
>> Muhammad Usman wrote:
>> > I want to enable check that multiple sessions of same users donnot exist
>> > at parallel, I have enabled the two simultaneous check queries in
>> > dialup.conf.
>>
>> That's useful, but not enough. See doc/Simultaneous-Use.
>>
>> > Can some body suggest me what changes are required to bring that
>> > configuration in practise, as currently multiple users can login with
>> > same credentials, radius is not calling simultaneous check queries while
>> > authenticating user.
>>
>> You need to be sure that the NAS is sending accounting packets, that
>> they're being stored in SQL, and that you have the "session" section
>> configured correctly in raddb/sites-enabled/default
>>
>> Alan DeKok.
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140423/b5838b41/attachment.html>
More information about the Freeradius-Users
mailing list