"Funk, Michael" <[EMAIL PROTECTED]> wrote:
> I'm being told by other sources that you must have SNMP access to the NAS in
> order for Simultaneous-Use and Port-Limit to work.

  No.  Port-Limit is an attribute that the RADIUS server sends to the
NAS.  If the NAS ignores it, there's nothing that the RADIUS server
can do.

  Simultaneous-Use is a FreeRADIUS configuration item, which tells
FreeRADIUS to reject the user (even if their password is OK), if
they've logged in more than N times.

  FreeRADIUS uses a 'radutmp' file to keep track of which users are
currently logged in where.  (This can be done via SQL in the CVS head,
too.)

  However, due to network problems, accounting packets may be lost.
So the radutmp file may not be correct and up to date.  Therefore,
FreeRADIUS uses checkrad to do snmp/finger/telnet/whatever queries to
the NAS, to see if the user is still logged on.

  You can run the server without using checkrad.  But it means that
when accounting packets are lost, the user MAY be accepted, even
though they are already logged in, and the user MAY be rejected, even
if they've already logged out.  There is nothing you can do to the
RADIUS server to fix this problem, other than run checkrad.

> How would I be able to "work around" this limitation by using the accounting
> flat files, not accounting tables, to check for an open session and deny a
> new request?

  You can *mostly* work around it, simply by not using checkrad.
However, that solution won't be perfect.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
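
The failure mode described in the reply above, as an added example that is not part of the original post and is not FreeRADIUS code: it rebuilds the open-session list from accounting flat-file records and shows a lost Stop packet causing a false reject until the NAS is asked directly. The sample records, the addresses and the `nas_check` helper (a hypothetical stand-in for checkrad) are constructed for illustration.

```python
import re

def _rec(ts, user, status, sid, port):  # builds one detail-file style record
    return (f'{ts}\n\tUser-Name = "{user}"\n\tAcct-Status-Type = {status}\n'
            f'\tAcct-Session-Id = "{sid}"\n\tNAS-IP-Address = 192.0.2.1\n'
            f'\tNAS-Port = {port}\n')

# Constructed sample data. bob has logged out, but his Stop packet was lost.
DETAIL = "\n".join([
    _rec("Mon Jan  6 10:00:00 2003", "alice", "Start", "a1", 1),
    _rec("Mon Jan  6 10:05:00 2003", "bob", "Start", "b1", 2),
    _rec("Mon Jan  6 10:20:00 2003", "alice", "Stop", "a1", 1),
    _rec("Mon Jan  6 10:30:00 2003", "carol", "Start", "c1", 3),
])
NAS_ACTIVE_PORTS = {("192.0.2.1", "3")}  # constructed: what the NAS would report

def parse_detail(text):
    """Return one attribute dict per blank-line-separated record."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = re.findall(r'^[ \t]+([\w-]+) = "?(.*?)"?$', block, re.M)
        records.append(dict(pairs))
    return records

def open_sessions(records):
    """Replay Start/Stop records; whatever is left is believed to be open."""
    live = {}
    for r in records:
        key = (r.get("NAS-IP-Address"), r.get("Acct-Session-Id"))
        if r.get("Acct-Status-Type") == "Start":
            live[key] = r
        elif r.get("Acct-Status-Type") == "Stop":
            live.pop(key, None)
    return live

def nas_check(rec):
    # Hypothetical stand-in for checkrad's SNMP/finger/telnet query to the NAS.
    return (rec["NAS-IP-Address"], rec["NAS-Port"]) in NAS_ACTIVE_PORTS

def allow_login(user, live, limit=1, verify=None):
    """Simultaneous-Use style decision; verify() prunes stale sessions."""
    mine = [r for r in live.values() if r.get("User-Name") == user]
    if len(mine) >= limit and verify is not None:
        mine = [r for r in mine if verify(r)]
    return len(mine) < limit
```

Without `verify`, bob is rejected on the strength of a session that no longer exists; with it, the stale entry is dropped while carol's real session still counts against her limit.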
