Simultaneous-Use with EAP

[Matthew]

On Wed, 18 Mar 2026 at 13:34, Alan DeKok via Freeradius-Users
<freeradius-users at lists.freeradius.org> wrote:
>   That's good.
>
>   But again, this particular configuration depends on a number of factors, and might not work for everyone.  For example, the issue of "inner" username versus "outer" username is complex, and can change from organization to organization.  All we can do is document the choices, and hope for the best.
>
>   The default configuration for the "inner-tunnel" virtual server also has a "session" section which includes a reference to "sql".  So this is at least somewhat documented.
>

Great, it is good to know I didn't do the wrong thing to modify the
'inner-tunnel' configuration. So far it seems to be working well.

> > I'm not looking for more help at the moment, other than that I am wondering
> > if there is a way to constrain simultaneous connections for all users at
> > once. The Simultaneous-Use query doesn't look for a DEFAULT line in the
> > mysql database.
>
>   Do you want to limit the total number of connections over all users?  That's not really a Simultaneous-Use thing.  The Simultaneous-Use query is design to limit connections for one user.
>
>   If you want to limit the total number of users, just do a SELECT / count over all active sessions in the radacct database.
>
>         if ("%{sql:SELECT ... count ..}" > 4) {
>                 reject
>         }
>

What I had in mind was that a line in the 'radcheck' table with user
'DEFAULT' would apply to all users, so that I could add one
"Simultaneous-Use" line to apply to all users (but still based on
total number of connections per user). But now for my use case I think
it would be better to add this line for each individual user.