On 2008-Jun-06, at 08:40, Jean Carlos Oliveira Guandalini wrote:
Hello,
We have a problem with MAC address cloning. We use the
Simultaneous-Use := 1 option to disallow double logins, but in the case
of a cloned MAC address FreeRADIUS allows the connection.
Log of sql.trace:
INSERT into radpostauth (id, user, pass, reply, date) values ('',
'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00935',
'bcc93b20ea389f59', 'userlogin', '', '10.0.6.10', '2447',
'Ethernet', '2008-06-06 11:08:45', '0', '0', 'RADIUS', '', '', '0',
'0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP',
'111.111.111.111', '0', '0');
UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46',
AcctSessionTime = '0', AcctInputOctets = '0', AcctOutputOctets =
'0', AcctTerminateCause = '', AcctStopDelay = '0', ConnectInfo_stop
= '' WHERE AcctSessionId = '81b00935' AND UserName = 'userlogin' AND
NASIPAddress = '10.0.6.10';
INSERT into radpostauth (id, user, pass, reply, date) values ('',
'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm,
NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime,
AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop,
AcctInputOctets, AcctOutputOctets, CalledStationId,
CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol,
FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00936',
'3f7c1d06dbd205d4', 'userlogin', '', '10.0.6.10', '2448',
'Ethernet', '2008-06-06 11:08:49', '0', '0', 'RADIUS', '', '', '0',
'0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP',
'111.111.111.111', '0', '0');
Queries in sql.conf:
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName,
NASIPAddress, NASPortId, FramedIPAddress, CallingStationId,
FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}'
AND AcctStopTime = 0"
Although the MAC address matches, these are two different users, and the
second connects without the first having disconnected before.
Is there any possibility to block it?
Thanks
Sorry for my English (by Google Tradutor)

I do not think there is a way to block it.
You may want to have the real user change his mac address then block
the cloned mac address.
You will likely then find that another mac address gets cloned.
If you move to a secure username / password access method you may be
able to stop the abuser.
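
Added example, not part of the original thread: it replays the two accounting rows from the trace above in an in-memory SQLite table, shows that the first session already has a stop time when the second login arrives (so a count of open sessions is 0), and lists same-user, same-MAC sessions that were stopped and restarted within a few seconds as leads for review. The reduced table, the control row, the function names and the 10-second threshold are assumptions, and SQLite stands in for the production database.

```python
import sqlite3

# Constructed rows modelled on the sql.trace in the post (subset of radacct columns):
# (AcctSessionId, UserName, NASPortId, CallingStationId, AcctStartTime, AcctStopTime)
ROWS = [
    ("81b00935", "userlogin", "2447", "00:4F:62:0A:1F:BF",
     "2008-06-06 11:08:45", "2008-06-06 11:08:46"),   # stopped by the UPDATE
    ("81b00936", "userlogin", "2448", "00:4F:62:0A:1F:BF",
     "2008-06-06 11:08:49", "0"),                      # still open
    ("c0ffee01", "otheruser", "2500", "00:11:22:33:44:55",
     "2008-06-06 09:00:00", "0"),                      # constructed control row
]

def load(rows=ROWS):
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE radacct (AcctSessionId TEXT, UserName TEXT, NASPortId TEXT,"
               " CallingStationId TEXT, AcctStartTime TEXT, AcctStopTime TEXT)")
    db.executemany("INSERT INTO radacct VALUES (?,?,?,?,?,?)", rows)
    return db

def open_sessions_at(db, user, when):
    """Sessions of `user` started before `when` and not yet stopped at `when`."""
    q = """SELECT COUNT(*) FROM radacct
           WHERE UserName = ? AND AcctStartTime < ?
             AND (AcctStopTime = '0' OR AcctStopTime > ?)"""
    return db.execute(q, (user, when, when)).fetchone()[0]

def quick_reconnects(db, max_gap=10):
    """Same user and MAC: a session stopped and a new one started within max_gap seconds."""
    q = """SELECT a.UserName, a.CallingStationId, a.AcctSessionId, b.AcctSessionId,
                  strftime('%s', b.AcctStartTime) - strftime('%s', a.AcctStopTime) AS gap
           FROM radacct a JOIN radacct b
             ON a.UserName = b.UserName
            AND a.CallingStationId = b.CallingStationId
            AND a.AcctSessionId <> b.AcctSessionId
           WHERE a.AcctStopTime <> '0' AND b.AcctStartTime >= a.AcctStopTime
             AND strftime('%s', b.AcctStartTime) - strftime('%s', a.AcctStopTime) <= ?
           ORDER BY a.AcctStopTime"""
    return db.execute(q, (max_gap,)).fetchall()

if __name__ == "__main__":
    db = load()
    # Just before the second Access-Accept in the trace: no open session is left to count.
    print(open_sessions_at(db, "userlogin", "2008-06-06 11:08:49"))
    for row in quick_reconnects(db):
        print(row)
```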