On Thu, 20 Jan 2005, Rad Adm wrote:
> I want to limit the users so that multiple logins are not allowed
> using a single account.
>
> At our company we have ( proprietary ) server which forwards
> authentication requests to radius which is configured to query Mysql
> and confirm the user credentials.
>
> I have done the following
>
> radcheck table
> +----+-------------------------+-----------+----+-------+
> | id | UserName | Attribute | op | Value |
> +----+-------------------------+-----------+----+-------+
> | 7 | [EMAIL PROTECTED] | Password | == | baen1 |
> | 6 | [EMAIL PROTECTED] | Auth-Type | := | Local |
> +----+-------------------------+-----------+----+-------+
Why did you add Auth-Type := Local? Just curious.
>
> usergroup table
>
> +----+-------------------------+-----------+
> | id | UserName | GroupName |
> +----+-------------------------+-----------+
> | 1 | [EMAIL PROTECTED] | demo |
> +----+-------------------------+-----------+
>
> radgroupcheck table
> +----+-----------+------------------+----+-------+
> | id | GroupName | Attribute | op | Value |
> +----+-----------+------------------+----+-------+
> | 1 | demo | Simultaneous-Use | := | 1 |
> +----+-----------+------------------+----+-------+
>
> The queries in sql.conf are :
>
> authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM
> ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
>
> authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM
> ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id"
>
> authorize_group_check_query = "SELECT
> ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op
> FROM ${groupcheck_table},${usergroup_table} WHERE
> ${usergroup_table}.Username = '%{SQL-User-Name}' AND
> ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY
> ${groupcheck_table}.id"
>
> authorize_group_reply_query = "SELECT
> ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op
> FROM ${groupreply_table},${usergroup_table} WHERE
> ${usergroup_table}.Username = '%{SQL-User-Name}' AND
> ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY
> ${groupreply_table}.id"
>
> simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
> UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
>
> simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
> NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,
> FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}'
> AND AcctStopTime = 0"
>
> I tried to follow the instructions in the documentation page
> "Simultaneous-Use" which comes with free radius package but obviously
> i am doing some thing wrong .
>
> Incase Anyone knows the answer or can put me in the right direction ,
> please help me with that .
>
So what does debug show when you try to log in a user that is already
logged in?
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
