simultaneous use

Bill Schoolfield bill at billmax.com
Mon Jan 2 22:44:23 CET 2017 

Hmm. No NAS, using radtest or radclient to simulate what needs to happen.

I created a single radacct record for a test user with a null stop time 
and I expect the auth to fail unless the group Simultaneous-Use is 
overwitten by a user specific radcheck attribute of the same name.

This works:

mysql> select * from radgroupcheck;
+----+--------------------+------------------+----+-------+
| id | groupname          | attribute        | op | value |
+----+--------------------+------------------+----+-------+
|  1 | Package2MB         | Simultaneous-Use | =  | 1     |

mysql> select * from radcheck where username like 'test at livenet.bm';
+-----+-----------------+--------------------+----+---------+
| id  | username        | attribute          | op | value |
+-----+-----------------+--------------------+----+---------+
|   1 | test at livenet.bm | Cleartext-Password | := | test123 |
| 584 | test at livenet.bm | Simultaneous-Use   | := | 3 |

mysql> select * from radusergroup where username like 'test at livenet.bm';
+-----------------+------------+----------+
| username        | groupname  | priority |
+-----------------+------------+----------+
| test at livenet.bm | Package2MB |        1 |
+-----------------+------------+----------+

But if the radcheck table doesn't have the Simultaneous-Use entry, the 
auth is allowed.

Bill





On 1/2/2017 3:26 PM, Alan DeKok wrote:
> On Jan 2, 2017, at 2:25 PM, Bill Schoolfield <bill at billmax.com> wrote:
>> I have a client that wanted his customers limited to a single connection. So I implemented:
>>
>> mysql> select * from radgroupcheck;
>> +----+--------------------+------------------+----+-------+
>> | id | groupname          | attribute        | op | value |
>> +----+--------------------+------------------+----+-------+
>> |  1 | Package2MB         | Simultaneous-Use | := | 1 |
>>
>> After some time and 100's of subscribers he now wants on a case by case (ie user) basis to allow multiple simultaneous sessions.
>>
>> I thought I just add Simultaneous-Use to radcheck for those users and use the "appropriate" operators.
>    That should work.  If the NAS is sending accounting packets.
>
>> I can't seem to get this to work. I'm trying to avoid dropping the use of radgroupcheck and adding the Simultaneous-Use radcheck attribute to all users.
>    WHat's going wrong?
>
>> Is this possible? What operators do I use? I used '=' in radgroupcheck and that succeeded in allowing the radcheck item to "override" the radgroupcheck item but the check fails if no radcheck item exists (as will be the case in many instances).
>    Use ":=" for the operator.
>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list