On 2008-Jun-06, at 08:40, Jean Carlos Oliveira Guandalini wrote:

Hello,

We have a problem with MAC address cloning, and we use the Simultaneous-Use := 1 option to disallow double logins, but in the case of a cloned MAC address FreeRADIUS allows the connection.

Log of sql.trace:
INSERT into radpostauth (id, user, pass, reply, date) values ('', 'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00935', 'bcc93b20ea389f59', 'userlogin', '', '10.0.6.10', '2447', 'Ethernet', '2008-06-06 11:08:45', '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');
UPDATE radacct SET AcctStopTime = '2008-06-06 11:08:46', AcctSessionTime = '0', AcctInputOctets = '0', AcctOutputOctets = '0', AcctTerminateCause = '', AcctStopDelay = '0', ConnectInfo_stop = '' WHERE AcctSessionId = '81b00935' AND UserName = 'userlogin' AND NASIPAddress = '10.0.6.10';
INSERT into radpostauth (id, user, pass, reply, date) values ('', 'userlogin', '290476', 'Access-Accept', NOW());
INSERT into radacct (AcctSessionId, AcctUniqueId, UserName, Realm, NASIPAddress, NASPortId, NASPortType, AcctStartTime, AcctStopTime, AcctSessionTime, AcctAuthentic, ConnectInfo_start, ConnectInfo_stop, AcctInputOctets, AcctOutputOctets, CalledStationId, CallingStationId, AcctTerminateCause, ServiceType, FramedProtocol, FramedIPAddress, AcctStartDelay, AcctStopDelay) values('81b00936', '3f7c1d06dbd205d4', 'userlogin', '', '10.0.6.10', '2448', 'Ethernet', '2008-06-06 11:08:49', '0', '0', 'RADIUS', '', '', '0', '0', 'INTERNET', '00:4F:62:0A:1F:BF', '', 'Framed-User', 'PPP', '111.111.111.111', '0', '0');


Queries in sql.conf:
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"


Although the MAC address matches, these are two different users, and the second one connects without the first having disconnected beforehand.
Is there any possibility to block it?


Thanks

Sorry for my English (By Google Tradutor)

I do not think there is a way to block it.
You may want to have the real user change his mac address then block the cloned mac address.
You will likely then find that another mac address gets cloned.
If you move to a secure username / password access method you may be able to stop the abuser.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
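
An added example, not part of the original thread or of FreeRADIUS: a detection heuristic that flags a Calling-Station-Id seen on a second NAS port while an earlier session is still open, or within a few seconds of its stop, as happens in the trace above. It assumes an in-memory SQLite table standing in for the MySQL radacct table; the function names, the 30-second window and the c000000x rows are hypothetical.

```python
import sqlite3

# Rows 81b00935/81b00936 mirror the sql.trace above (after the UPDATE);
# the c000000x rows are constructed. '0' marks an open session, as in the thread.
ROWS = [
    ("81b00935", "userlogin", "10.0.6.10", "2447",
     "2008-06-06 11:08:45", "2008-06-06 11:08:46", "00:4F:62:0A:1F:BF"),
    ("81b00936", "userlogin", "10.0.6.10", "2448",
     "2008-06-06 11:08:49", "0", "00:4F:62:0A:1F:BF"),
    # Constructed: same MAC, sessions hours apart (normal reconnect, not flagged).
    ("c0000001", "alice", "10.0.6.10", "100",
     "2008-06-06 09:00:00", "2008-06-06 10:00:00", "02:00:00:00:00:01"),
    ("c0000002", "alice", "10.0.6.10", "101",
     "2008-06-06 15:00:00", "0", "02:00:00:00:00:01"),
    # Constructed: same MAC open on two ports at once (overlap).
    ("c0000003", "bob", "10.0.6.10", "200",
     "2008-06-06 10:00:00", "0", "02:00:00:00:00:02"),
    ("c0000004", "bob", "10.0.6.10", "300",
     "2008-06-06 10:05:00", "0", "02:00:00:00:00:02"),
]

SCHEMA = """CREATE TABLE radacct (
    AcctSessionId TEXT, UserName TEXT, NASIPAddress TEXT, NASPortId TEXT,
    AcctStartTime TEXT, AcctStopTime TEXT, CallingStationId TEXT)"""

# Pair each session (a) with a later one (b) from the same MAC on another port.
QUERY = """
SELECT a.CallingStationId, a.AcctSessionId, b.AcctSessionId,
       CASE WHEN a.AcctStopTime = '0' OR b.AcctStartTime < a.AcctStopTime
            THEN 'overlap' ELSE 'rapid-reuse' END
FROM radacct a JOIN radacct b
  ON a.CallingStationId = b.CallingStationId
 AND a.AcctStartTime < b.AcctStartTime
 AND (a.NASIPAddress <> b.NASIPAddress OR a.NASPortId <> b.NASPortId)
WHERE a.AcctStopTime = '0'
   OR strftime('%s', b.AcctStartTime) - strftime('%s', a.AcctStopTime) <= :window
ORDER BY a.AcctStartTime"""

def build_sample_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO radacct VALUES (?,?,?,?,?,?,?)", ROWS)
    return conn

def find_mac_reuse(conn, window_seconds=30):
    """Return (mac, first_session, second_session, reason) tuples for review."""
    return conn.execute(QUERY, {"window": window_seconds}).fetchall()

if __name__ == "__main__":
    for row in find_mac_reuse(build_sample_db()):
        print(row)
```

A hit is a lead for review rather than proof of cloning, since a client that reconnects quickly after a dropped link produces the same pattern.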
