Marcelus Trojahn wrote:
Are you telling the radius to check for Simultaneous-Use := 1 anywhere?Even if you have the SQL for simultaneous use uncommented, you still have to configure Simultaneous-Use := 1 to that specific user or group, otherwise it will just ignore the SQL... I also use SQL for my authentication but on the /etc/raddb/users file, I added the following to force every login to match it: DEFAULT Simultaneous-Use := 1 Fall-Through = Yes Try adding that to that file or to add one of that for every user or group you have in your SQL database. The users file is easier to debug later IMO...
Hmmm, the previous ICR install has only Simultaneous-Use = 2 for the group allowed SU.
Do I need to set Simultaneous-Use := 1 for the groups not allowed SU, and Simultaneous-Use := 2 for the group allowed SU?
DAve
-- Marcelus Trojahn I-Conecta Redes de TelecomunicaĆ§Ć£o Ltda On Mon, Oct 27, 2008 at 1:46 PM, DAve <[EMAIL PROTECTED]> wrote:Good afternoon, I have inherited an aged ICRadius install and I am in process of converting to FreeRadius 1.1.7. Currently I have a master DB on our Management server replicating to two radius servers. Each radius server has a unique sql instance to send accounting data to the master DB. Everything is working, the DB conversion from ICRadius to FreeRadius went fine. In testing the only issue I have found is I am unable to stop Simultaneous use. I read the docs carefully, checked the Wiki, and I believe I have everything configured properly. Using RadiusTest 2.4.3 and radwho I see the following. I check for a login using radwho and I see I have a session, I then attempt both a new auth and start accounting again and still radwho shows only one login. [EMAIL PROTECTED] /usr/local/etc/raddb]# radwho Login Name What TTY When From Location yellowhous yellowhousejake shell S1 Mon 11:35 192.168.4 192.168.0.1 --------------------10/27/2008 11:55:13 AM Test started [check newrad1]------------------------- Info:Sending Access-Request of id 0 to 10.0.241.95:1645 Password = "marlin" User-Name = "yellowhousejake" Framed-IP-Address = 192.168.0.1 Acct-Session-Id = "201" Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89 Service-Type = Framed-User Framed-Protocol = PPP Framed-IP-Address = 255.255.255.254 Framed-IP-Netmask = 255.255.255.255 Framed-Routing = None Framed-Compression = Van-Jacobson-TCP-IP Filter-Id = "std.ppp" Framed-MTU = 1500 Port-Limit = 1 Idle-Timeout = 600 Session-Timeout = 28800 Total approved auths: 1 Total denied auths: 0 Total lost auths: 0 Total time(secs): 0 --------------------10/27/2008 11:55:13 AM Test finished [check newrad1]------------------------- --------------------10/27/2008 11:55:40 AM Test started [start acct]------------------------- Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646 User-Name = "yellowhousejake" Acct-Session-Id = "201" Acct-Status-Type = Start NAS-Port = 1 Framed-IP-Address = 192.168.0.1 Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20 Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646 User-Name = "yellowhousejake" Acct-Session-Id = "201" Acct-Status-Type = Alive NAS-Port = 1 Framed-IP-Address = 192.168.0.1 Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20 Total approved auths: 2 Total denied auths: 0 Total lost auths: 0 Total time(secs): 0 --------------------10/27/2008 11:55:40 AM Test finished [start acct]------------------------- --------------------10/27/2008 11:55:40 AM Test started [start acct]------------------------- Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646 User-Name = "yellowhousejake" Acct-Session-Id = "201" Acct-Status-Type = Start NAS-Port = 1 Framed-IP-Address = 192.168.0.1 Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20 Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646 User-Name = "yellowhousejake" Acct-Session-Id = "201" Acct-Status-Type = Alive NAS-Port = 1 Framed-IP-Address = 192.168.0.1 Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20 Total approved auths: 2 Total denied auths: 0 Total lost auths: 0 Total time(secs): 0 --------------------10/27/2008 11:55:40 AM Test finished [start acct]------------------------- [EMAIL PROTECTED] /usr/local/etc/raddb]# radwho Login Name What TTY When From Location yellowhous yellowhousejake shell S1 Mon 11:55 192.168.4 192.168.0.1 Here are the parts of my conf I believe I need to check for simultaneous use. ## radiusd.conf radutmp { filename = ${logdir}/radutmp username = %{User-Name} case_sensitive = yes check_with_nas = no callerid = "yes" } accounting { radutmp ## sradutmp sql_acct } session { radutmp sql_acct } ## sql.conf # Uncomment simul_count_query to enable simultaneous use checking simul_count_query = "SELECT COUNT(*) \ FROM ${acct_table1} \ WHERE UserName='%{SQL-User-Name}' \ AND AcctStopTime = 0" Note I enabled radutmp after sql was failing to stop the second login. I am certain I have missed something simple but I am unable to find it. Any help, cluesmacks, etc are appreciated. DAve -- I am watching the debate and I am very disappointed. The rules are simple, "answer the question". I would vote right now, and I can in Indiana, for the man who answered the question directly, in less than a minute, and then sat down before the green light was out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- I am watching the debate and I am very disappointed. The rules are simple, "answer the question". I would vote right now, and I can in Indiana, for the man who answered the question directly, in less than a minute, and then sat down before the green light was out. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
