checkrad and db based simultaneous use checks

Alan DeKok aland at
Mon Jan 26 23:26:44 CET 2015

On Jan 26, 2015, at 5:23 PM, Bill Schoolfield <bill at> wrote:
> Hmm... so the simultaneous check will fail in cases where there's nothing in radacct for the user but there is indeed an active session on the NAS? Admittedly this should be rare compared to the case where  bogus info is in redact.

  In that case, the user will be let onto the network.  The presumption is that the accounting table has accounting information in it.  If there’s no accounting data, well… there isn’t much that can be done.

  Some NAS… somewhere… will have the user logged in.  But that NAS isn’t sending accounting data to the RADIUS server.

  The correct fix here is to make sure the NAS sends accounting data.  We can’t query ALL of the NASes to see if (maybe) a particular user is logged in.  That approach is a disaster.

  Alan DeKok.

More information about the Freeradius-Users mailing list