Simultaneous-Use in proxy
Renato Sousa
rensousa at gmail.com
Mon May 18 15:35:23 CEST 2015
>
>
> It doesn't print out every attribute added to the request.
>
> It DOES print out which line in the "users" file it matched.
>
> So... read the debug output, and see which line it matched.
>
Analyzing the debug log, I noticed that the user was authenticated using
the DEFAULT entry of the users file.
...
rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx port 53432, id=83, length=182
	User-Name = "myuser at mydomain"
	NAS-IP-Address = 172.19.13.1
	NAS-Identifier = "24a43cb0fbad"
	NAS-Port = 0
	Called-Station-Id = "24-A4-3C-B2-FB-AD:mySSID"
	Calling-Station-Id = "68-94-23-92-31-83"
	Framed-MTU = 1400
	NAS-Port-Type = Wireless-802.11
	Connect-Info = "CONNECT 0Mbps 802.11b"
	EAP-Message = 0x021800130135303832323639407573702e6272
	Message-Authenticator = 0xc1d89f6280337eadb910a0518a2bcd95
# Executing section authorize from file /etc/freeradius/sites-enabled/default
+group authorize {
++[preprocess] = ok
[suffix] Looking up realm "mydomain" for User-Name = "myuser at mydomain"
[suffix] Found realm "DEFAULT"
[suffix] Adding Realm = "DEFAULT"
[suffix] Proxying request from user myuser to realm DEFAULT
[suffix] Preparing to proxy authentication request to realm "DEFAULT"
++[suffix] = updated
[eap] Request is supposed to be proxied to Realm DEFAULT. Not doing EAP.
++[eap] = noop
*[files] users: Matched entry DEFAULT at line 204*
++[files] = ok
++[expiration] = noop
++[logintime] = noop
++[pap] = noop
+} # group authorize = updated
WARNING: Empty pre-proxy section. Using default return values.
...
After several authentication messages between the freeradius server, the
user is successfully authenticated.
...
Sending Access-Accept of id 95 to xxx.xxx.xxx.xxx port 53432
	User-Name = "myuser"
	MS-MPPE-Recv-Key = 0x84a262...a00b3822ea7aa
	MS-MPPE-Send-Key = 0xef80f42...f18461fe508d95
	EAP-Message = 0x03240004
	Message-Authenticator = 0x00000000000000000000000000000000
...
Line 204 of the users file contains:
DEFAULT Simultaneous-Use := 1
	Fall-Through = 1
However, the user can get more than one simultaneous connection.
Any idea?
Thank you for your help!
Renato L. Sousa