Simultaneous-Use := 2 and MySQL
Reilly, Paul
preilly at eastpennsd.org
Wed Feb 25 14:43:47 CET 2015
I configured mysql to use for accounting and can see information in radacct. If I don't set a nas type in clients.conf will Simultaneous-Use only use SQL to check if a user is logged in and not use checkrad (correct)? Also I continue to get the error where setting Simultaneous-Use to :=2 it fails (nas type not set). See information below
When set to Simultaneous-Use := 1 (second user below)
[sql] expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[sql] expand: SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'preilly' ORDER BY id
[sql] expand: SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id -> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'preilly' ORDER BY id
[sql] expand: SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority -> SELECT groupname FROM radusergroup WHERE username = 'preilly' ORDER BY priority
[sql] expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[sql] expand: SELECT COUNT(*) #FROM radacct #WHERE username = '%{SQL-User-Name}' #AND acctstoptime IS NULL -> SELECT COUNT(*) #FROM radacct #WHERE username = 'preilly' #AND acctstoptime IS NULL
[sql] expand: SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL -> SELECT radacctid, acctsessionid, username, nasipaddress, nasportid, framedipaddress, callingstationid, framedprotocol FROM radacct WHERE username = 'preilly' AND acctstoptime IS NULL
Multiple logins (max 1) : [preilly] (from client Cisco port 0 via TLS tunnel)
User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login incorrect: [preilly/<via Auth-Type = EAP>] (from client Cisco port 13 cli 58-b0-35-67-b6-ed)
[attr_filter.access_reject] expand: %{User-Name} -> preilly
Simultaneous-Use := 2
USER 1:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 60-33-4b-0a-35-7b)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edc53c/60:33:4b:0a:35:7b/815513",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql] expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
USER 2:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 58-b0-35-67-b6-ed)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edccc5/58:b0:35:67:b6:ed/816142",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql] expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[attr_filter.accounting_response] expand: %{User-Name} -> preilly
USER 3:
Login OK: [preilly] (from client Cisco port 0 via TLS tunnel)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
User-Name = "preilly"
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
Login OK: [preilly] (from client Cisco port 13 cli 24-a2-e1-d4-66-07)
expand: %{User-Name} -> preilly
expand: (sAMAccountName=%{%{Stripped-User-Name}:-%{User-Name}}) -> (sAMAccountName=preilly)
[ldap] performing search in OU=EPSD,DC=win,DC=eastpennsd,DC=org, with filter (sAMAccountName=preilly)
User-Name = "preilly"
User-Name = "preilly"
[acct_unique] Hashing 'NAS-Port = 13,Client-IP-Address = 172.23.160.4,NAS-IP-Address = 172.23.160.4,Acct-Session-Id = "54edd0ed/24:a2:e1:d4:66:07/816564",User-Name = "preilly"'
[suffix] No '@' in User-Name = "preilly", looking up realm NULL
[sql] expand: %{User-Name} -> preilly
[sql] sql_set_user escaped user --> 'preilly'
[attr_filter.accounting_response] expand: %{User-Name} -> preilly
Below is the table in SQL with all 3 logged in:
mysql> select * from radacct;
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
| radacctid | acctsessionid | acctuniqueid | username | groupname | realm | nasipaddress | nasportid | nasporttype | acctstarttime | acctstoptime | acctsessiontime | acctauthentic | connectinfo_start | connectinfo_stop | acctinputoctets | acctoutputoctets | calledstationid | callingstationid | acctterminatecause | servicetype | framedprotocol | framedipaddress | acctstartdelay | acctstopdelay | xascendsessionsvrkey |
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
| 101 | 54edc53c/60:33:4b:0a:35:7b/815513 | 218dd0fa625ec043 | preilly | | | 172.23.160.4 | 13 | Wireless-802.11 | 2015-02-25 07:51:08 | NULL | 2844 | RADIUS | | NULL | 1198146 | 2596646 | 172.23.160.4 | 172.26.160.75 | | | | 172.26.160.75 | 0 | NULL | |
| 102 | 54edccc5/58:b0:35:67:b6:ed/816142 | def07acd9c4933a3 | preilly | | | 172.23.160.4 | 13 | Wireless-802.11 | 2015-02-25 08:23:18 | NULL | 978 | RADIUS | | NULL | 130719 | 19886 | 172.23.160.4 | 172.26.161.254 | | | | 172.26.161.254 | 0 | NULL | |
| 103 | 54edd0ed/24:a2:e1:d4:66:07/816564 | 72262aa1fafe27d4 | preilly | | | 172.23.160.4 | 13 | Wireless-802.11 | 2015-02-25 08:41:01 | NULL | 0 | RADIUS | | | 0 | 0 | 172.23.160.4 | 172.26.162.1 | | | | 172.26.162.1 | 0 | 0 | |
+-----------+-----------------------------------+------------------+----------+-----------+-------+--------------+-----------+-----------------+---------------------+--------------+-----------------+---------------+-------------------+------------------+-----------------+------------------+-----------------+------------------+--------------------+-------------+----------------+-----------------+----------------+---------------+----------------------+
3 rows in set (0.00 sec)
From
Paul Reilly
More information about the Freeradius-Users
mailing list