Trying to restrict simultaneous-use

Michael Martinez mwtzzz at gmail.com
Sat Mar 5 17:23:24 CET 2016


I'm doing some tests from localhost to restrict simultaneous-use.

  * I have a user defined in the users file with Simultaneous-Use := 1.
  * I have the following file which I feed to radclient to initiate an
accounting session for this user:
Packet-Type=4
Packet-Dst-Port=1813
Acct-Session-Id = "4D2BB8AC-00000098"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
User-Name = "spackle"
NAS-Port = 0
Connect-Info = "CONNECT 48Mbps 802.11b"

  * In sites-enabled/default I have uncommented "radutmp" and
"sradumtp" in accounting{} and I have uncommented radutmp in session{}
(yes I know sql is faster but this is just for testing)

After running radclient, I see the following with "radwho":
Login      Name       What  TTY  When      From     Location
spackle    spackle           shell S0   Sat 08:08 127.0.0.1

All good so far.
Now i try to simulate logging in again: radtest spartan password
127.0.0.1 101 hello
I am expecting this to be Rejected, but it gets Accepted instead:
Received Access-Accept Id 212 from 127.0.0.1:1812 to 0.0.0.0:0 length 35

The debug file shows:
(2) # Executing section session from file
/usr/local/freeradius/etc/raddb/sites-enabled/default
(2)   session {
(2) radutmp: EXPAND /usr/local/freeradius/var/log/radius/radutmp
(2) radutmp:    --> /usr/local/freeradius/var/log/radius/radutmp
(2) radutmp: EXPAND %{User-Name}
(2) radutmp:    --> spackle
checkrad: No NAS type, or type "other" not checking
(2)     [radutmp] = fail
(2)   } # session = fail


radutmp is failing but it still sends an Access-Accept. Any thoughts?
-- 
---
Michael Martinez
http://www.michael--martinez.com


More information about the Freeradius-Users mailing list