>I'm trying to limit a single username to logon 2 times on the same NAS
>Port/NAS Port ID.
>
>Our test environment consists of a single FreeRadius Server (Version
>2.1.5/4), MySQL Server 5.0.45, and a Cisco 7200VXR with IOS
>12.2(31)SB13.
>
>
>The main issue now is that a single user name with Simultaneous-Use set
>to 2 is able to login an unlimited number of times on the same NAS
>Port/NAS Port ID. However, if the same user logon through a different
>NAS Port/NAS Port ID, Simultaneous-Use checks work as expected. Please,
>note the following radwho and radiusd -X outputs.
>
>
>radwho -R Output after first user logged in:
>
>User-Name = "test1"
>Acct-Session-Id = "00003377"
>NAS-IP-Address = X.X.X.X
>NAS-Port = 2097152
>Service-Type = Framed-User
>Framed-Protocol = PPP
>Framed-IP-Address = X.X.X.X
>
>
>radwho -R Output after second user logged in:
>
>User-Name = "test1"
>Acct-Session-Id = "00003378"
>NAS-IP-Address = X.X.X.X
>NAS-Port = 2097152
>Service-Type = Framed-User
>Framed-Protocol = PPP
>Framed-IP-Address = X.X.X.X
>Acct-Session-Time = 72
>
>
>**Note the lack of the first user identified by Acct-Session-ID
>00003377.
>
Yes. When radius server receives a second accounting Start packet with
same NAS-IP-Address/NAS-Port it will "conclude" that the Stop packet for
the first session is missing and will log out first session.

In short - sending same NAS-Port for multiple sessions breaks
accounting. Don't do that. You can try adjusting
raddb/modules/acct_unique but I don't see anything you can use instead
of NAS-Port.

Ivan Kalik
Kalik Informatika ISP
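
A simplified model of the behaviour described in the reply above, added here as an example (it is not FreeRADIUS code and not part of the original thread): the session table holds one entry per (NAS-IP-Address, NAS-Port), so a Start on an occupied port replaces the earlier session and the Simultaneous-Use count never reaches the limit. The NAS address 192.0.2.1, the session ID 00003379, the extra port numbers and all class and function names are constructed for illustration.

```python
class SessionTable:
    """Toy session table with one slot per (NAS-IP-Address, NAS-Port)."""

    def __init__(self):
        self.slots = {}

    def acct_start(self, user, session_id, nas_ip, nas_port):
        key = (nas_ip, nas_port)
        evicted = self.slots.get(key)
        # A Start on an occupied slot is read as "the Stop packet was lost":
        # the old session is dropped and the new one takes its place.
        self.slots[key] = {"user": user, "session_id": session_id}
        return evicted["session_id"] if evicted else None

    def active(self, user):
        return sorted(e["session_id"] for e in self.slots.values()
                      if e["user"] == user)

    def authorize(self, user, limit):
        # Simultaneous-Use check: allow only while the count is below the limit.
        return len(self.active(user)) < limit


def replay(user, logins, limit=2):
    """Feed (session_id, nas_ip, nas_port) logins through the check.

    Returns (accepted session ids, sessions still counted as active)."""
    table = SessionTable()
    accepted = []
    for session_id, nas_ip, nas_port in logins:
        if table.authorize(user, limit):
            table.acct_start(user, session_id, nas_ip, nas_port)
            accepted.append(session_id)
    return accepted, table.active(user)


NAS_IP = "192.0.2.1"  # constructed; the thread redacts the real address

# Every session reports the same NAS-Port, as in the radwho output above.
SAME_PORT = [("00003377", NAS_IP, 2097152),
             ("00003378", NAS_IP, 2097152),
             ("00003379", NAS_IP, 2097152)]   # third login is constructed

# Constructed contrast case: each session gets its own NAS-Port.
DISTINCT_PORTS = [("00003377", NAS_IP, 2097152),
                  ("00003378", NAS_IP, 2097153),
                  ("00003379", NAS_IP, 2097154)]

if __name__ == "__main__":
    print("same port:     ", replay("test1", SAME_PORT))
    print("distinct ports:", replay("test1", DISTINCT_PORTS))
```

With a shared NAS-Port every login is accepted and only the newest session stays in the table; with distinct ports the third login is refused at the limit of 2.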

