session log in SQL
Khapare Joshi
khapare77 at gmail.com
Thu Mar 5 10:16:24 CET 2015
My NAS was bad - it was not sending accounting data. Now the NAS is sending
data and radacct has been populated. So, as in the FAQ, I executed
INSERT INTO radgroupcheck (GroupName, Attribute, op, Value)
values("dialup", "Simultaneous-Use", ":=", "1");
I also tried adding in /etc/raddb/users file
DEFAULT Simultaneous-Use := 1
But I am still allowed to log in as the same user (khapare) from two devices.
Here is some of the SQL part:
++[eap] = ok
+} # group authenticate = ok
# Executing section session from file /etc/raddb/sites-enabled/inner-tunnel
+group session {
[sql] expand: %{User-Name} -> khapare at realm.com
[sql] sql_set_user escaped user --> 'khapare at realm.com'
[sql] expand: SELECT COUNT(*) FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS
NULL -> SELECT COUNT(*) FROM radacct
WHERE username = 'khapare at realm.com'
AND acctstoptime IS NULL
rlm_sql (sql): Reserving sql socket id: 31
rlm_sql (sql): Released sql socket id: 31
++[sql] = ok
+} # group session = ok
Login OK: [khapare at realm.com] (from client nas1.realm.com port 7174
cli 0021.5c5b.8ef3 via TLS tunnel)
[detail] expand: %t -> Thu Mar 5 08:32:49 2015
++[detail] = ok
[sql] expand: %{User-Name} -> khapare
[sql] sql_set_user escaped user --> 'khapare'
[sql] expand: %{Acct-Delay-Time} -> 0
[sql] expand: INSERT INTO radacct
(acctsessionid, acctuniqueid, username, realm,
nasipaddress, nasportid, nasporttype,
acctstarttime, acctstoptime, acctsessiontime,
acctauthentic, connectinfo_start, connectinfo_stop,
acctinputoctets, acctoutputoctets, calledstationid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay, xascendsessionsvrkey) VALUES
('%{Acct-Session-Id}', '%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-IP-Address}',
'%{NAS-Port}', '%{NAS-Port-Type}', '%S', NULL,
'0', '%{Acct-Authentic}', '%{Connect-Info}', '', '0',
'0', '%{Called-Station-Id}', '%{Calling-Station-Id}', '',
'%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}',
rlm_sql (sql): Reserving sql socket id: 30
rlm_sql (sql): Released sql socket id: 30
++[sql] = ok
[attr_filter.accounting_response] expand: %{User-Name} -> khapare
[root at radiusserver ~]# ./radwhosql
+----------+---------------+-----------+-----------------+---------------------+
| username | acctsessionid | nasportid | nasporttype | acctstarttime |
+----------+---------------+-----------+-----------------+---------------------+
| khapare | 00001B1D | 7172 | Wireless-802.11 | 2015-03-05 08:29:13 |
| khapare | 00001B20 | 7174 | Wireless-802.11 | 2015-03-05 08:32:49 |
+----------+---------------+-----------+-----------------+---------------------+
[root at radiusserver ~]#
in radwhosql I just put this line
/usr/bin/mysql -u radius -pBIL$ates radius -e "select username,
acctsessionid, nasportid, nasporttype, acctstarttime from radacct
where acctstoptime is NULL ;"
Could it be that when radius is executing the session section it is looking
for khapare at realm.com, but in the database the username is only the
username, i.e. khapare? So it seems.
Then I changed in
/etc/raddb/sql/mysql/dialup.conf
From
# sql_user_name = "%{User-Name}"
TO
sql_user_name = "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}"
After changing this, my Simultaneous-Use started working.
Now my question is:
1. Once I set INSERT INTO radgroupcheck (GroupName, Attribute, op,
Value) values("dialup", "Simultaneous-Use", ":=", "1"); do I still
have to define in /etc/raddb/users file as :
DEFAULT Simultaneous-Use := 1
Because this is how it worked in my testing e
2. Or am I doing something stupid here?
On Tue, Feb 17, 2015 at 2:34 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Feb 17, 2015, at 9:05 AM, Khapare Joshi <khapare77 at gmail.com> wrote:
> > Now it's time to configure logging into SQL :) Until now we have used a Cisco
> > wireless controller and only allow two connections for all users.
> >
> > I wanted to implement Simultaneous-Use based on student and staff, and
> > want to use SQL for it.
> >
> > My users are authenticated against AD (samba + ntlm_auth).
> >
> > So here is what I did :
> >
> > 1. Created database radius.
> > 2. Populated admin.sql into the mysql
> > 3. Populated schema.sql into the radius database
> > 4. Enabled sql.conf in /etc/raddb/radius.conf
> > 5. Disabled radutmp and enabled sql in accounting section in
> > /etc/raddb/site-enabled/default
> > 6. So, added DEFAULT Simultaneous-Use := 2 in /etc/raddb/users file for
> > testing
> > 7. restarted radius - try logging few users
>
> That's all good.
>
> > But I do not see any tables in radius database been updated.
>
> Did you run the server in debugging mode to see what it's doing?
>
> > I just wanted to use session for the simultaneous user for restrict user.
> > if this works then I can write regex to query LDAP if x is staff or
> > student.
> >
> > Point me if i am doing wrong or some docs where I can see more reading
> > reading reading.
>
> Run the server in debugging mode as suggested in the FAQ, "man" page,
> web pages, and daily on this list.
>
> Alan DeKok.
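
The username mismatch described in the message, reproduced as an added example (not part of the original post and not FreeRADIUS code). It assumes an in-memory SQLite table standing in for radacct, constructed rows modelled on the radwhosql output, and khapare@realm.com as the un-obfuscated form of the logged name; sql_user_name(), open_sessions() and session_allowed() are hypothetical helpers.

```python
import sqlite3

# Query text from the debug log, with a bound parameter in place of the
# '%{SQL-User-Name}' expansion.
SIMUL_COUNT_QUERY = (
    "SELECT COUNT(*) FROM radacct "
    "WHERE username = ? AND acctstoptime IS NULL"
)


def sql_user_name(attrs):
    """Mimic "%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}}":
    first non-empty of Stripped-User-Name, User-Name, else DEFAULT."""
    return attrs.get("Stripped-User-Name") or attrs.get("User-Name") or "DEFAULT"


def open_sessions(db, name):
    """Count accounting rows for this name that have no stop time yet."""
    return db.execute(SIMUL_COUNT_QUERY, (name,)).fetchone()[0]


def session_allowed(db, name, simultaneous_use):
    """Allow the login only while open sessions are below the limit."""
    return open_sessions(db, name) < simultaneous_use


def build_sample_db():
    """Constructed radacct rows: accounting stored the bare user name."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE radacct (username TEXT, acctsessionid TEXT, "
        "acctstarttime TEXT, acctstoptime TEXT)"
    )
    db.executemany(
        "INSERT INTO radacct VALUES (?, ?, ?, NULL)",
        [("khapare", "00001B1D", "2015-03-05 08:29:13"),
         ("khapare", "00001B20", "2015-03-05 08:32:49")],
    )
    return db


if __name__ == "__main__":
    db = build_sample_db()
    inner = {"User-Name": "khapare@realm.com"}  # session check saw the realm
    fixed = dict(inner, **{"Stripped-User-Name": "khapare"})
    for label, attrs in (("before", inner), ("after", fixed)):
        name = sql_user_name(attrs)
        print(label, name, open_sessions(db, name), session_allowed(db, name, 1))
```

The fallback expression only closes the gap when Stripped-User-Name is actually set for the request; with User-Name alone it still yields the realm-qualified name and the count stays at zero.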