Hello, I am trying to use Simultaneous-Use for group users through mysql with freeradius-snapshot-20021101.
radiusd.conf: ============== # Session database, used for checking Simultaneous-Use. The radutmp module # handles this session { # radutmp sql } sql.conf: ========== # Uncomment simul_count_query to enable simultaneous use checking simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0" radgroupcheck: ============== GroupName Attribute op Value ppp-simul Simultaneous-Use :=3D 1 I've also used op=":=" And now users from another groups (not "ppp-simul") hasn't access too: Multiple logins (max 1) : [ppgip] (from client riak port 11) Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" I think "GroupName" wasn't checked. Why? ==================== rad_recv: Access-Request packet from host XXX.XX.XX.XX:1026, id=250, length=82 User-Name = "ppgip" User-Password = "XXX" NAS-IP-Address = XXX.XX.XX.XX NAS-Port = 11 NAS-Port-Type = Async Connect-Info = "14400" Framed-Protocol = PPP Service-Type = Framed-User modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok radius_xlat: 'ppgip' sql_set_user: escaped user --> 'ppgip' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'ppgip' ORDER BY id' rlm_sql: Reserving sql socket id: 2 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppgip' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = 'ppgip' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppgip' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql: Released sql socket id: 2 modcall[authorize]: module "sql" returns ok rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "noresetcounter" returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "dailycounter" returns noop rlm_sqlcounter: Entering module authorize code rlm_sqlcounter: Could not find Check item value pair modcall[authorize]: module "monthlycounter" returns noop users: Matched DEFAULT at 12 modcall[authorize]: module "files" returns ok modcall: group authorize returns ok auth: type Local auth: user supplied User-Password matches local User-Password modcall: entering group session radius_xlat: 'ppgip' sql_set_user: escaped user --> 'ppgip' radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='ppgip' AND AcctStopTime = 0' rlm_sql: Reserving sql socket id: 1 radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE UserName='ppgip' AND AcctStopTime = 0' rlm_sql: Released sql socket id: 1 modcall[session]: module "sql" returns ok modcall: group session returns ok Multiple logins (max 1) : [ppgip] (from client riak port 11) Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" Finished request 5 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html