Simultaneous-Use and mysql

Alan DeKok aland at deployingradius.com
Fri Aug 2 23:58:38 CEST 2019 

On Aug 2, 2019, at 5:42 PM, Ben McTee <eastex.benmctee at gmail.com> wrote:
> 
> I am using a MySQL backend and want to prevent more than one logon
> from a user at a time (Simultaneous-Use := 1). Because I've read
> enough of the Internet to realize Alan D gets mad at too much or too
> little detail,

  I get cranky when people don't read the documentation.  After spending much time writing it, a good percentage of people go "nah, we're not going to to read that."

  Despite that, I still try to help people.  And for some reason, many people get mad when I point out that their questions are answered in the documentation, and that should probably have read it.

> I've done testing (see -X output below), and am able to authenticate a
> second test modem, even though there is clearly a NULL acctstoptime
> for the user. What am I missing?
> 
> System config:
> End user: ADSL modem, PPPoE encapsulation
> NAS: Cisco ASR (1002)
> FreeRADIUS: Version 3.0.16 (Ubuntu 18.04)
> Database: MySQL, initialized using included schema (mods-config/sql/main/mysql/)

  None of that is needed.  The documentation says what we need.

> SQL Table radgroupcheck:
> groupname attribute op value
> DSL Port-Limit := 1
> DSL Simultaneous-Use := 1

  That should work.

> queries.conf:

  Posting the default configuration files to the list isn't helpful.  When you join the list, you get an email pointing you to a Wiki page which says what we need.  That page explicitly says *don't* post the configuration files.

> sites-enabled/default:

  We don't need to see that, either.

  The documentation and at least weekly (if not daily) messages on this list say what to post.

> Pertinent (I think) portions of freeradius -X. This is where the 2nd
> instance of 'siptest' is allowed online:
> 
> Ready to process requests
> ...
> (1) sql: Executing select query: SELECT radacctid, acctsessionid,
> username, nasipaddress, nasportid, framedipaddress, callingstationid,
> framedprotocol FROM radacct WHERE username = 'siptest' AND
> acctstoptime IS NULL

  All that sets Simultaneous-Use, which is fine.

> checkrad: Neither SNMP_Session module or /usr/bin/snmpget found!
> checkrad: /usr/bin/snmpwalk not found!

  Messages like that seem relevant.

> (1) sql: Running Accounting section for automatically created accounting 'stop'

  And it's trying to delete the previous session.

  If you're going to run "checkrad", make sure that "snmpget" is installed, as the message above suggests.

  Otherwise, edit the client { ... } configuration, and set "nas_type = other".   (Note that you *didn't* post the full debug output which would have showed what you set for "nas_type", but whatever,)

  Setting "nas_type = other"  means the server just believes whatever is in the accounting database, and doesn't run checkrad.  That will likely fix the problem.

  Alan DeKok.

More information about the Freeradius-Users mailing list