FreeRADIUS 3.0.12, Ubuntu 16.04 - Python module is unable to load
Alan DeKok
aland at deployingradius.com
Mon Jul 3 13:03:58 CEST 2017
On Jul 3, 2017, at 1:52 AM, Cuong Nguyen <cuong.nguyenduy at gmail.com> wrote:
> Let me explain what I try to do:
> 1. I'd want to limit a number of concurrent sessions a user is allowed. In
> LDAP, there is an attribute - MaxConnection - to indicate maximum
> concurrent sessions a user can have
OK...
> 2. Since FreeRADIUS does not keep track of the number of sessions,
Uh... what?
FreeRADIUS writes session data to a database. You can query the database from FreeRADIUS. This is even documented with examples in the default configuration.
> my
> script will perform the following
> - POST-AUTH: For the user, get the number of sessions in MySQL, and get the
> MaxConnection from LDAP, then compare the two. If there are sessions >=
> MaxConnection --> Reject
That's three lines of unlang:

    if ("%{sql:SELECT sessions...}" >= "%{ldap:get maxconnection}") {
        reject
    }

The only "magic" here is writing the correct SQL select query, and writing the correct LDAP query to get MaxConnection for a user.
And those two queries are just normal SQL / LDAP queries. You can write them and test them in an SQL or LDAP tool, and then just copy them to FreeRADIUS. Replace the actual user name with %{User-Name}, and you're good to go.
> - ACCOUNTING: If it is Accounting-Start --> Record in MySQL, if
> Accounting-Interim --> Update in MySQL, if Accounting-Stop --> Delete in
> MySQL
The default SQL module already does this. It's documented as doing this. There are tons of examples available.
Why are you re-inventing this?
> Second, I did look at the LDAP module, but have no clue how to implement
> the logic I describe above. In my debug output above, I *did* include sql
> for the purpose of testing. In actual deployment, this will not be used
> (MySQL operations will be done by the script).
>
> I even tried this in LDAP module in order to get the MaxConnection, which
> changes the 'request' list.
>
> ldap {
> # TESTING
> request:Tmp-String-1 := 'MaxConnection'
> }
What made you think that would work? You're just trying random things in random places. And, ignoring all of the available documentation.
> Any suggestion is appreciated.
Read the documentation and examples. Read the Wiki. Look for "Simultaneous-Use", which does exactly this...
Alan DeKok.