Is it possible to set Simultaneous-Use without any SQL/LDAP database ?

Olivier oza.4h07 at gmail.com
Wed Jan 23 18:34:21 CET 2019


Le mar. 22 janv. 2019 à 18:47, Alan DeKok <aland at deployingradius.com> a
écrit :

> On Jan 22, 2019, at 12:38 PM, Olivier <oza.4h07 at gmail.com> wrote:
> >
> > Reading this mailing list late messages (from last October up to now), I
> > noticed most if not all, questions related to Simultaneous-Use setting
> > mentioned some sort of database.
>
>   The database is for tracking user sessions.  Without a database, you
> can't track user sessions.
>
>   FreeRADIUS implements a simple database in rlm_radutmp.  But it's not
> recommended. It's simple, and has minimal functionality.
>
>   If you have 5K users, radutmp is fine.


I have up to 200 users, at most.
I'm glad to read radutmp is fine for this scale.


>   If you have more, use a real database.
>
> > 1. Is it possible to set a value for Simultaneous-Use parameter and still
> > define authorized users with a simple file or is it required to use some
> > sort of database (*) ?
>
>   You don't need a database to *define* users.  You need a database to
> *track* users.
>
>   You can put users and passwords into LDAP, and then use SQL to store
> session data.  Or, put users into the "files" module, and use "radutmp" to
> store session data.
>
> > My target implementation is Debian Stretch with Freeradius 3.0.12.
> > With it, I defined what I call users in a file
> > /etc/freeradius/3.0/mods-config/files/authorize with entries such as :
> > 999_9999 Cleartext-Password := "mysuperpassword"
> >
> > 2. If possible, can set this Simultaneous-Use within this authorize file
>
>   That's what the documentation says to do.
>

Ok thanks.

DEFAULT    Simultaneous-Use := 1
    Fall-Through = Yes

999_9999 Cleartext-Password := "123456789"
    Simultaneous-Use := 2
999_8888 Cleartext-Password := "123456789"

Is the above /etc/freeradius/3.0/mods-config/files/authorize content
setting what I'm after:
- allowing 2 simultaneous connections for user 999_9999
- and 1 connection for anybody else

If negative what I shall change in it ?

(I prefer to ask here as I don't trust yet my capabilty to correctly
interpret my further testings)


> > or
> > shall I use an other file (I'm thinking of
> > /etc/freeradius/3.0/mods-config/files/accounting ?
>
>   That's for accounting... not authorization.
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list