simultaneous use
Alan DeKok
aland at deployingradius.com
Mon Jan 2 22:46:41 CET 2017
> On Jan 2, 2017, at 4:44 PM, Bill Schoolfield <bill at billmax.com> wrote:
>
> Hmm. No NAS, using radtest or radclient to simulate what needs to happen.
You need to send accounting "start" packets, too. We should really have automated tests for this...
> I created a single radacct record for a test user with a null stop time and I expect the auth to fail unless the group Simultaneous-Use is overwitten by a user specific radcheck attribute of the same name.
>
> This works:
>
> mysql> select * from radgroupcheck;
> +----+--------------------+------------------+----+-------+
> | id | groupname | attribute | op | value |
> +----+--------------------+------------------+----+-------+
> | 1 | Package2MB | Simultaneous-Use | = | 1 |
>
> mysql> select * from radcheck where username like 'test at livenet.bm';
> +-----+-----------------+--------------------+----+---------+
> | id | username | attribute | op | value |
> +-----+-----------------+--------------------+----+---------+
> | 1 | test at livenet.bm | Cleartext-Password | := | test123 |
> | 584 | test at livenet.bm | Simultaneous-Use | := | 3 |
>
> mysql> select * from radusergroup where username like 'test at livenet.bm';
> +-----------------+------------+----------+
> | username | groupname | priority |
> +-----------------+------------+----------+
> | test at livenet.bm | Package2MB | 1 |
> +-----------------+------------+----------+
>
> But if the radcheck table doesn't have the Simultaneous-Use entry, the auth is allowed.
As always, read the debug output to see what's going on.
Alan DeKok.
More information about the Freeradius-Users
mailing list