Problem with Simultaneous-Use
Олег Кобелев
na_krul at mail.ru
Tue Jun 9 07:13:26 CEST 2015
Hi everybody.
Actually I didn't carefully read your config, but there is a lot to configure to make it work.
Did you configure the checkrad script itself? - There is a wrong SNMP OID for Cisco WLC. You need to set up the SNMP community on the controller also.
Did you get something like this when you run checkrad?
:~$ sudo checkrad -d cisco A.B.C.D 161 Username Username
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'checkrad' A.B.C.D .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.161
user at port S161: No
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'checkrad' A.B.C.D 1.3.6.1.4.1.14179.2.1.4.1.3
I was not successful when I wanted to restrict a user to 2 simultaneous logins. Only one login. With 2 it doesn't work.
Monday, 8 June 2015, 14:39 -04:00 from Alan DeKok <aland at deployingradius.com>:
>On Jun 8, 2015, at 2:26 PM, Felipe Lopez Placencio < felipe.lopez at pucv.cl > wrote:
>> Yes, all users can log in 3 times, as we configured in the WLC Cisco,
>> but we want to restrict one group in 2 connections.
>
> You've already said that.
>
>>> After the user logs in, does the client send an accounting "start"
>> packet?
>>
>> We suppose. The log detail shows:
>
> <sigh> The debug output is useful. The detail log isn't useful.
>
> Why? Because the debug output shows EVERYTHING.
>
>>> Is that packet stored in a DB (radutmp, sql, etc.)
>>
>> Yes, the packet is stored in radutmp, but only the last connection.
>> That means that only one input appears.
>
> That's the problem, then. The AP is telling FreeRADIUS that the user is logging in once. And then again, from the same connection.
>
> So the user *isn't* logging in twice, from two different connections. He's logging in twice from the SAME connection.
>
> This isn't magic. FreeRADIUS can't magically know your intent. It can't know that even though the NAS *claims* the two logins are the same... that you think they're actually different.
>
> So... are the requests the same? You clearly don't know. Because you haven't looked at the debug log. Or if you did look there, you didn't notice the *important* pieces.
>
>>> Does the server discover that the user is already logged in?
>>
>> We think not, because it doesn't work.
>
> "It doesn't work" is almost always a bad answer.
>
>>> What happens then?
>>
>> We don't know for what reason it does not work.
>
> Yes, you do. See above.
>
>>> The debug output, as suggested in the FAQ, "man" page, web pages, and
>> daily on this list?
>>
>> The debug doesn't show any error or warning.
>
> <sigh> You can't get it to work. I ask for the debug log, and you say "it doesn't show anything".
>
> Really? You're asking for help, and when I tell you I need the debug output, your response is essentially "No, you don't".
>
> That's rude. I've never understood why some people ask for help, and then fight against every attempt to help them.
>
> Alan DeKok.
>
>
>-
>List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
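An added example, not part of the thread and not FreeRADIUS code: a simplified model of the point made above, that when the NAS reports every login as the same connection the session table holds one entry, so a limit of 1 rejects the second login while a limit of 2 is never reached. The (NAS-IP-Address, NAS-Port) key, the class and function names, the user name and all addresses are assumptions made for the illustration.

```python
# Simplified model (an assumption for illustration, not FreeRADIUS source):
# the session table is keyed by the connection identity the NAS reports,
# here (NAS-IP-Address, NAS-Port). All values below are constructed.

class SessionTable:
    def __init__(self):
        self.entries = {}  # (nas_ip, nas_port) -> username

    def accounting_start(self, nas_ip, nas_port, user):
        # A Start for a key that is already present replaces the old entry.
        self.entries[(nas_ip, nas_port)] = user

    def active_sessions(self, user):
        return sum(1 for u in self.entries.values() if u == user)


def authorize(table, user, simultaneous_use):
    """Accept only while the recorded session count is below the limit."""
    return table.active_sessions(user) < simultaneous_use


def simulate(logins, simultaneous_use, user="alice"):
    """Replay (nas_ip, nas_port) login attempts for one user.

    Returns (accept/reject decision per attempt, final recorded session count).
    """
    table = SessionTable()
    decisions = []
    for nas_ip, nas_port in logins:
        accepted = authorize(table, user, simultaneous_use)
        decisions.append(accepted)
        if accepted:
            table.accounting_start(nas_ip, nas_port, user)
    return decisions, table.active_sessions(user)


# Constructed input: three devices, but the NAS reports the same port each time.
SAME_PORT = [("192.0.2.10", 161)] * 3
# Constructed input: the NAS reports a distinct port per device.
DISTINCT_PORTS = [("192.0.2.10", 1), ("192.0.2.10", 2), ("192.0.2.10", 3)]

if __name__ == "__main__":
    for name, logins in (("same port", SAME_PORT), ("distinct ports", DISTINCT_PORTS)):
        for limit in (1, 2):
            print(name, "limit", limit, simulate(logins, limit))
```

The distinct-port case shows what the limit needs in order to work: each connection must arrive with its own identity in the accounting data.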