How setup simultaneous-use?

[Alan DeKok]

On Oct 10, 2023, at 8:07 AM, ti.suporte at lupusequipamentos.com.br wrote:
> I need to block multiple connections for users and  i need help to setup the
> "Simultaneous-Use" with SQL. 
> 
> I see around forums, the documentation and others communities for help to
> config this atribute, and i dont has no more ideas.

  In order for Simultaneous-Use to work, not only the server has to be configured properly.  The NAS has to be configured, too.

  The NAS *must* send accounting packets.  If it doesn't, Simultaneous-Use won't work.

  You have Simultaneous-Use configured, which is a good start.  But the next steps are:

* verify that the server is receiving accounting packets

* verify that the accounting packets are going into SQL

  Then in order to make sure that you can test this feature without affecting production:

* use the real accounting packets to create "fake" ones for a test user.  Change the User-Name in the packet.

* set up a test user.  Make sure it's only User-Name and password.  Don't worry about EAP.

* use radclient to send an Access-Request.  Verify that Simultaneous-use is being applied.

  * the server is seeing Simultaneous-Use in the configs

  * the server is checking SQL

 * the server is returning Access-Accept

* Then send an accounting start packet for that user, using radclient.

  * verify that radclient sees an Accounting-Response

  * verify that the accounting data is entered in SQL

* Then send _another_ Access-Request for the same user

  * verify that the Simultaneous-Use / SQL checks are done as above

  * verify that the server returns Access-Reject

* use radclient to send Accounting Stop for the test user

  * this cleans up the entry in SQL.

  It's not enough to just configure Simultaneous-Use.  This is RADIUS, and there's a whole lot going on behind the scenes.  You have to ensure that every little piece is working correctly.

  Alan DeKok.