session log in SQL
Khapare Joshi
khapare77 at gmail.com
Wed Mar 18 14:06:07 CET 2015
Thanks Alan,
It looks like Simultaneous-Use seems to be working in my test environment.
I set DEFAULT Simultaneous-Use := 2 in the users file and performed the test
with that configuration. This works as it should:
++[eap] = ok
+} # group authenticate = ok
# Executing section session from file /etc/raddb/sites-enabled/inner-tunnel
+group session {
[sql] expand: %{Stripped-User-Name} -> khapare
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
khapare
[sql] sql_set_user escaped user --> 'khapare'
[sql] expand: SELECT COUNT(*) FROM
radacct WHERE username =
'%{SQL-User-Name}' AND acctstoptime IS NULL ->
SELECT COUNT(*) FROM
radacct WHERE username =
'khapare' AND acctstoptime IS NULL
rlm_sql (sql): Reserving sql socket id: 3
rlm_sql_mysql: MYSQL check_error: 2006, returning SQL_DOWN
rlm_sql (sql): Attempting to connect rlm_sql_mysql #3
rlm_sql_mysql: Starting connect to MySQL server for #3
rlm_sql (sql): Connected new DB handle, #3
rlm_sql (sql): Released sql socket id: 3
++[sql] = ok
+} # group session = ok
Multiple logins (max 2) : [khapare at realm.com] (from client nas1.realm.com
port 7348 cli 2002.afd1.523e via TLS tunnel)
Using Post-Auth-Type REJECT
# Executing group from file /etc/raddb/sites-enabled/inner-tunnel
+group REJECT {
[attr_filter.access_reject] expand: %{User-Name} -> khapare at realm.com
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] = updated
+} # group REJECT = updated
} # server inner-tunnel
[peap] Got tunneled reply code 3
Reply-Message := "\r\nYou are already logged in 2 times - access
denied\r\n\n"
[peap] Got tunneled reply RADIUS code 3
Reply-Message := "\r\nYou are already logged in 2 times - access
denied\r\n\n"
[peap] Tunneled authentication was rejected.
[peap] FAILURE
This is good. Now I want to search for users in LDAP for their group
membership and set Simultaneous-Use:
if the user is a student, Simultaneous-Use := 2
if the user is staff, Simultaneous-Use := 5
all others = 7
On Thu, Mar 5, 2015 at 12:56 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Mar 5, 2015, at 4:16 AM, Khapare Joshi <khapare77 at gmail.com> wrote:
> > My NAS was bad - it was not sending accounting data. Now the NAS is
> > sending data and radacct has been populated.
>
> That’s usually the problem.
>
> > Could it be that when radius is executing the session section it is
> > looking for khapare at realm.com but in the database the username is
> > only the username, i.e. khapare?
>
> Yes. If you run the server in debugging mode, you’ll see what it’s
> doing.
>
> > 1. Once I set INSERT INTO radgroupcheck (GroupName, Attribute, op,
> > Value) values("dialup", "Simultaneous-Use", ":=", "1"); do I still
> > have to define in /etc/raddb/users file as :
>
> No. The server doesn’t care where an attribute comes from.
>
> > 2. or am I doing something stupid here?
>
> No.
>
> Alan DeKok.
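
Added example, not part of the original thread and not FreeRADIUS code: a Python/sqlite3 model of the session check seen in the debug output (open radacct rows counted against Simultaneous-Use), using the per-group limits from the post. It also shows why the lookup key must match what accounting stored: querying with the full realm name counts zero sessions and the limit is never enforced. The table layout, the helper names, the "lowest limit wins" rule and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

# Limits taken from the post: student 2, staff 5, everyone else 7.
GROUP_LIMITS = {"student": 2, "staff": 5}
DEFAULT_LIMIT = 7

# Same counting query the debug log shows being expanded, with a bound
# parameter in place of %{SQL-User-Name}.
SIMUL_COUNT = "SELECT COUNT(*) FROM radacct WHERE username = ? AND acctstoptime IS NULL"

def build_radacct(rows):
    """Constructed, minimal stand-in for the radacct table (three columns only)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (username TEXT, acctstarttime TEXT, acctstoptime TEXT)")
    db.executemany("INSERT INTO radacct VALUES (?, ?, ?)", rows)
    return db

def strip_realm(user_name):
    """Hypothetical helper: 'khapare@realm.com' -> 'khapare' (like Stripped-User-Name)."""
    return user_name.split("@", 1)[0]

def limit_for(groups):
    """Limit for the user's groups; the lowest matching limit wins (assumption)."""
    matched = [GROUP_LIMITS[g] for g in groups if g in GROUP_LIMITS]
    return min(matched) if matched else DEFAULT_LIMIT

def check_session(db, user_name, groups, strip=True):
    """Return (open_sessions, limit, allowed) for one login attempt."""
    key = strip_realm(user_name) if strip else user_name
    (open_sessions,) = db.execute(SIMUL_COUNT, (key,)).fetchone()
    limit = limit_for(groups)
    return open_sessions, limit, open_sessions < limit

# Constructed sample data: accounting stored the stripped name, two sessions open.
SAMPLE_ROWS = [
    ("khapare", "2015-03-18 13:00:00", None),
    ("khapare", "2015-03-18 13:30:00", None),
    ("khapare", "2015-03-17 09:00:00", "2015-03-17 10:00:00"),
]

if __name__ == "__main__":
    db = build_radacct(SAMPLE_ROWS)
    print(check_session(db, "khapare@realm.com", ["student"]))         # rejected at limit 2
    print(check_session(db, "khapare@realm.com", ["staff"]))           # allowed under limit 5
    print(check_session(db, "khapare@realm.com", ["student"], False))  # key mismatch: counts 0
```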