I'm trying to use FreeRADIUS simultaneous use control. All requests are proxied to another RADIUS server. However, I wanted FreeRADIUS to control this.
>From debug (radiusd -X) it looks to me that FreeRADIUS sends the request to the other server before checking. It worked once but I had to remove the configuration. Now I can't make it work again... I've posted the files which I think are relevant. If something is important from radiusd.conf (which is too big for a polite post) please let me know. I have not huntgroups or realms (outside the proxy.conf file) defined. I've included also a debugged session of one of these cases. Ok, you'll see that the destination RADIUS server did block the simultaneous login, but I need FreeRADIUS to do that (because it does it better when it works). I could really use some help here. Thanks -- Luiz Lima Image Link Internet http://www.imagelink.com.br /etc/raddb/users =============================================== DEFAULT Auth-Type := System, Simultaneous-Use := 1 Fall-Through = 1 =============================================== /etc/raddb/proxy.conf =============================================== proxy server { synchronous = no retry_delay = 5 retry_count = 3 dead_time = 60 default_fallback = no } realm NULL { type = radius authhost = 10.0.0.1:1645 accthost = 10.0.0.1:1646 secret = mypassword } =============================================== /etc/raddb/attrs =============================================== DEFAULT Port-Limit := 1 =============================================== debug =============================================== rad_recv: Access-Request packet from host 200.216.4.170:1645, id=195, length=70 NAS-IP-Address = 200.216.95.212 NAS-Port = 1342767363 NAS-Port-Type = Virtual User-Name = "user-login-here" Password = "\\K\\;\014\373\276h\267\361\225\201\376;A\204" rad_lowerpair: User-Name now 'user-login-here' rad_lowerpair: Password now 'user-password-here' modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok modcall[authorize]: module "attr_filter" returns noop rlm_realm: Looking up realm NULL for User-Name = "user-login-here" rlm_realm: Found realm NULL rlm_realm: Adding Stripped-User-Name = "user-login-here" rlm_realm: Proxying request from user user-login-here to realm NULL rlm_realm: Adding Realm = "NULL" rlm_realm: Preparing to proxy authentication request to realm NULL modcall[authorize]: module "suffix" returns updated users: Matched DEFAULT at 1 modcall[authorize]: module "files" returns ok modcall: group authorize returns updated Sending Access-Request of id 1 to 10.0.0.1:1645 User-Name = "user-login-here" NAS-IP-Address = 200.216.95.212 NAS-Port = 1342767363 NAS-Port-Type = Virtual Password = "}w\237\342\203\265\020\242\301q}\320\303\271RR" Proxy-State = "195" --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Reject packet from host 10.0.0.1:1645, id=1, length=61 Proxy-State = 0x313935 Reply-Message = "Simultaneous login limit exceeded!" rad_lowerpair: Stripped-User-Name now 'user-login-here' rad_lowerpair: Password now 'user-password-here' Login incorrect (Home Server says so): [user-login-here/user-password-here] (from client 200-216-4-170 port 1342767363) Delaying request 0 for 1 seconds Finished request 0 Going to the next request rl_next: returning NULL Waking up in 6 seconds... rad_recv: Access-Request packet from host 200.216.4.170:1645, id=195, length=70 Sending Access-Reject of id 195 to 200.216.4.170:1645 Reply-Message = "Simultaneous login limit exceeded!" =============================================== radwho -r =============================================== user-login-here,user-login-here,PPP,S1342767363,Fri 11:37,200.216.95.212,200.149.171.85 =============================================== - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
