Trying to restrict simultaneous-use
Michael Martinez
mwtzzz at gmail.com
Sat Mar 5 17:23:24 CET 2016
I'm doing some tests from localhost to restrict simultaneous-use.
* I have a user defined in the users file with Simultaneous-Use := 1.
* I have the following file which I feed to radclient to initiate an
accounting session for this user:
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "4D2BB8AC-00000098"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "spackle"
NAS-Port = 0
Connect-Info = "CONNECT 48Mbps 802.11b"
* In sites-enabled/default I have uncommented "radutmp" and
"sradumtp" in accounting{} and I have uncommented radutmp in session{}
(yes I know sql is faster but this is just for testing)
After running radclient, I see the following with "radwho":
Login Name What TTY When From Location
spackle spackle shell S0 Sat 08:08 127.0.0.1
All good so far.
Now i try to simulate logging in again: radtest spartan password
127.0.0.1 101 hello
I am expecting this to be Rejected, but it gets Accepted instead:
Received Access-Accept Id 212 from 127.0.0.1:1812 to 0.0.0.0:0 length 35
The debug file shows:
(2) # Executing section session from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(2) session {
(2) radutmp: EXPAND /usr/local/freeradius/var/log/radius/radutmp
(2) radutmp: --> /usr/local/freeradius/var/log/radius/radutmp
(2) radutmp: EXPAND %{User-Name}
(2) radutmp: --> spackle
checkrad: No NAS type, or type "other" not checking
(2) [radutmp] = fail
(2) } # session = fail
radutmp is failing but it still sends an Access-Accept. Any thoughts?
--
---
Michael Martinez
http://www.michael--martinez.com
More information about the Freeradius-Users
mailing list