Is it possible to set Simultaneous-Use without any SQL/LDAP database ?
Olivier
oza.4h07 at gmail.com
Wed Jan 23 18:34:21 CET 2019
Le mar. 22 janv. 2019 à 18:47, Alan DeKok <aland at deployingradius.com> a
écrit :
> On Jan 22, 2019, at 12:38 PM, Olivier <oza.4h07 at gmail.com> wrote:
> >
> > Reading this mailing list late messages (from last October up to now), I
> > noticed most if not all, questions related to Simultaneous-Use setting
> > mentioned some sort of database.
>
> The database is for tracking user sessions. Without a database, you
> can't track user sessions.
>
> FreeRADIUS implements a simple database in rlm_radutmp. But it's not
> recommended. It's simple, and has minimal functionality.
>
> If you have 5K users, radutmp is fine.
I have up to 200 users, at most.
I'm glad to read radutmp is fine for this scale.
> If you have more, use a real database.
>
> > 1. Is it possible to set a value for Simultaneous-Use parameter and still
> > define authorized users with a simple file or is it required to use some
> > sort of database (*) ?
>
> You don't need a database to *define* users. You need a database to
> *track* users.
>
> You can put users and passwords into LDAP, and then use SQL to store
> session data. Or, put users into the "files" module, and use "radutmp" to
> store session data.
>
> > My target implementation is Debian Stretch with Freeradius 3.0.12.
> > With it, I defined what I call users in a file
> > /etc/freeradius/3.0/mods-config/files/authorize with entries such as :
> > 999_9999 Cleartext-Password := "mysuperpassword"
> >
> > 2. If possible, can set this Simultaneous-Use within this authorize file
>
> That's what the documentation says to do.
>
Ok thanks.
DEFAULT Simultaneous-Use := 1
Fall-Through = Yes
999_9999 Cleartext-Password := "123456789"
Simultaneous-Use := 2
999_8888 Cleartext-Password := "123456789"
Is the above /etc/freeradius/3.0/mods-config/files/authorize content
setting what I'm after:
- allowing 2 simultaneous connections for user 999_9999
- and 1 connection for anybody else
If negative what I shall change in it ?
(I prefer to ask here as I don't trust yet my capabilty to correctly
interpret my further testings)
> > or
> > shall I use an other file (I'm thinking of
> > /etc/freeradius/3.0/mods-config/files/accounting ?
>
> That's for accounting... not authorization.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list