Freeradius 3.0.15 x OpenLDAP (auth) x MySQL (acct): Limit Simultaneous Use

Jon Battista jonbattista at
Fri Sep 7 03:41:12 CEST 2018

Hi All,

I am currently attempting to set up FreeRadius 3.x to limit simultaneous
connection based on a User's LDAP Group. For example, people in the
Employee LDAP Group get 2 connections.

After extensive research, I have surmised the best way to do so is to use a
SQL DB for Accounting, which I currently have all set up. Unless LDAP can
be used for Accounting?

As it stands, I can query how many active connections a User has
(simul_count_query) from the radacct table of my local MySQL radius DB, so
now I am trying to figure out how to *set* and *enforce* the Simultaneous-Use

Where I am caught up is the LDAP x SQL interfacing regarding the
Simultaneous-Use attribute.

How and where does FreeRadius look for this attribute? Does this have to be
in LDAP for the Group/User and FreeRadius queries for it or can I define
within my FreeRadius configs somewhere? Most examples say to enforce it on
a per-user basis by using the Users file, but what about SQL on a large

I've been scouring over the documentation with no luck. Again, LDAP is
enabled and working. SQL Accounting is enabled and logging activity.
Something I did notice was that radacct is NOT getting the groupname column
when I run: *simul_count_query*

Help will be much appreciated.

-- Jon

More information about the Freeradius-Users mailing list