sql ldap simultaneous-use
Alan DeKok
aland at deployingradius.com
Fri Dec 23 19:27:52 UTC 2022
On Dec 23, 2022, at 1:32 PM, mcury via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>
> Hi, I'm new to freeradius, currently trying to enforce simultaneous-use = 1 in my wireless network but it is not working.
> unifi access point > freeradius > samba-ad-dc
> ...
> I'm using LDAP for authentication through post-auth section in sites-available/default file using Unlang and it's working perfectly.

OK, that's good.

> (11) if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") -> TRUE
> (11) if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") {
> (11) update {
> (11) control:Simultaneous-Use := 1

That sets Simultaneous-Use as necessary.

> (11) reply:Class := 0x776966695f7573657273
> (11) } # update = noop
> (11) [noop] = noop
> (11) } # if (LDAP-Group == "wifi_users" && NAS-IP-Address == "172.16.200.3") = noop
> (11) ... skipping elsif: Preceding "if" was taken
> (11) } # post-auth = ok
> (11) Sent Access-Accept Id 77 from 192.168.255.241:1812 to 172.16.200.3:38173 length 187
>
> LDAP attribute map as per below:
> mods-available/ldap:
> update {
> ...
> control:Simultaneous-Use += 'radiusSimultaneousUse = 1'

What is that?

You don't set values in the ldap module configuration. You just do:

	control:Simultaneous-Use += radiusSimultaneousUse

> sql is included inside session { section as per documentation.
>
> Any tips, perhaps I forgot something?

Read the debug output to see what's going on. It prints out everything it does, and why a user is allowed (or not) on the network.

Alan DeKok.
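
A small check for the attribute-map mistake pointed out in the reply above, as an added example that is not part of the original message or of FreeRADIUS itself: it scans the `update` block of an ldap module configuration and flags any entry whose right-hand side is not a bare LDAP attribute name. The function name, the sample configuration and the attribute-name pattern (RFC 4512 syntax) are assumptions made for this example.

```python
import re

# RFC 4512 attribute description: a name or numeric OID, plus optional ";options".
LDAP_ATTR = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)+)(?:;[A-Za-z0-9-]+)*$")
# One map entry: <list>:<RADIUS attribute> <operator> <LDAP attribute>
ENTRY = re.compile(r"^(?P<lhs>[\w:-]+)\s*(?P<op>:=|\+=|=)\s*(?P<rhs>.+?)\s*$")


def lint_ldap_update(text):
    """Return (line_no, lhs, rhs) for every map entry in an update { } block
    whose right-hand side is not a bare LDAP attribute name."""
    findings = []
    in_update = False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not in_update:
            in_update = bool(re.match(r"^update\s*\{", line))
            continue
        if line.startswith("}"):  # end of the update block
            in_update = False
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        rhs = m.group("rhs")
        # Remove one pair of matching quotes around the right-hand side.
        if len(rhs) >= 2 and rhs[0] == rhs[-1] and rhs[0] in "'\"":
            rhs = rhs[1:-1]
        if not LDAP_ATTR.match(rhs):
            findings.append((no, m.group("lhs"), rhs))
    return findings


# Constructed sample: the entry quoted in the thread next to two valid ones.
SAMPLE = """\
ldap {
    update {
        control:Password-With-Header += 'userPassword'
        control:Simultaneous-Use += 'radiusSimultaneousUse = 1'
        reply:Reply-Message := radiusReplyMessage
    }
}
"""

if __name__ == "__main__":
    for no, lhs, rhs in lint_ldap_update(SAMPLE):
        print(f"line {no}: {lhs} maps to {rhs!r}, expected an LDAP attribute name")
```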