Simultaneous-Use with MySQL is not working
Alan DeKok
aland at deployingradius.com
Wed Jan 31 12:46:45 UTC 2024
On Jan 31, 2024, at 4:49 AM, Tania Syvodid <sivodid at gmail.com> wrote:
> Hi, I'm trying to configure concurrent use to limit user sessions to access
> a WiFi network. I know there are many such questions, but nothing has
> helped me.
There are a whole lot of pieces which have to work together for Simultaneous-Use to work.
The server needs to know who is online, which means that accounting must be configured and working. Start off by checking the basics, independent of Simultaneous-Use.
i.e. when a user logs in, you should check:
* did the user get Access-Accept?
no - fix that.
yes - The user was _allowed_ to log in, but maybe the NAS disagreed
* did the server then get an Accounting-Request for that user?
no - the NAS isn't sending accounting, Simultaneous-Use will never work
yes - the NAS is telling FreeRADIUS that the user has a session
* did the accounting data go into the radacct table? Read the debug output.
np - nothing in the debug output about radacct? Configure the server to write accounting data to SQL
yes - you see successful INSERT or UPDATE in radacct
* double-check the radacct database using an SQL client. Just to be sure that the data is really there.
If all that works, then the server is set up correctly to authenticate users, and to store their data in SQL. This is the foundation for Simultaneous-Use.
Then, configure the server to set Simultaneous-Use=1. That tells the server to enforce Simultaneous-Use.
You will also need to configure the "default" virtual server to check session data in SQL. Look for "Simultaneous-Use" in sites-available/default. Uncomment the "sql" line.
After that, when a user logs in, the debug output *should* show that it's running the "session" section, in order to check / enforce Simultaneous-Use.
> freeradius -X (debug mode when one user is connected to two devices,
> although there should be only one session)
That shows the server receiving authentication and accounting packets, which is good.
> ...
> (8) # Executing section session from file
> /etc/freeradius/3.0/sites-enabled/inner-tunnel
> (8) session {
> (8) radutmp: EXPAND /var/log/freeradius/radutmp
> (8) radutmp: --> /var/log/freeradius/radutmp
> (8) [radutmp] = ok
> (8) } # session = ok
And it's not checking SQL.
Read sites-available/default. Look for Simultaneous-Use. Find the "session" section. Uncomment "sql".
Alan DeKok.
More information about the Freeradius-Users
mailing list