Yes, this is /usr/sbin/checkrad. Sorry for mistake. You should read this script ...
Radiusd can be down or unrichable or packet can be loss. If You have NAS one of this type You can specify this type in clients.conf (nastype = cisco). After than radiusd should use /usr/sbin/checkrad to check simultaneous logins. But if You have a situation when NAS has opened working session and radiusd has no records about it in session table You can get double login. AFAIK in this case radiusd will not do simultaneous check at all. But it should not happen -- when radiusd goes down suddenly the records in SQL session table should be stay like opened sessions. And after radiusd starts again it thinks that that sessions are active :-), in this case radiusd will use checkrad if nastype is configured to check his SQL records. Moreover if You will connect simultaneously very fast (faster then Your SQL can handle queries) and without using checkrad then You will get simultaneous logins too. This is because there is no any transaction is SQL schema or no other method to make single unique login attempt in a time for SQL can see them like separate tries. On Tue, 1 Jun 2010 17:21:26 +0700 Spacelee <fjct...@gmail.com> wrote: > sorry, does the radcheck.pl included in freeradius now? does you mean > /usr/sbin/checkrad ? > > > and i search the keywords "Simultaneous mysql radius down" , but found no > results i need. > > 2010/6/1 Anton <w...@stack.ru<mailto:w...@stack.ru>> > It should be done by NAS. For example PPPoE and PPTP have lcp packets, If no > response for some time from > client to NAS then NAS decides that session is down and sends acct-stop > packet to radius server. Radius > server sets the corresponding record to SQL session table. > > Or there is another method: depending on NAS type radiusd can connect to NAS > and check activity of user > session directly on NAS - this is more reliable source of information. See > radcheck.pl<http://radcheck.pl>. > > > On Tue, 1 Jun 2010 16:24:54 +0700 > Spacelee <fjct...@gmail.com<mailto:fjct...@gmail.com>> wrote: > > > > > i want to limit user's behavior, such as a username can login only once at > > the same time... > > > > 1、modifiy default and inner-tunnel in > > > > # Session database, used for checking Simultaneous-Use. Either the radutmp > > # or rlm_sql module can handle this. > > # The rlm_sql module is *much* faster > > session { > > #radutmp > > > > # See "Simultaneous Use Checking Querie" in sql.conf > > sql > > > > } > > 2、modify dialup.conf in etc/raddb/sql/mysql > > > > # Uncomment simul_count_query to enable simultaneous use checking > > > > simul_count_query = "SELECT COUNT(*) \ > > FROM ${acct_table1} \ > > WHERE username = '%{SQL-User-Name}' \ > > AND acctstoptime IS NULL" > > > > 3、add a entry to the table radgorucheck > > INSERT INTO `radgroupcheck` ( `id` , `GroupName` , `Attribute` , `op` , > > `Value` ) > > VALUES ( > > NULL , ’user’, ’Simultaneous-Use’, ’:=’, ’1’ > > ); > > > > 4. update the user "test" to the group "user" > > > > > > i finally tried successfully, but if , i say if the radius server was down > > suddenly or the user logout > > improperly(such as he poweroff the computer directly). then the record will > > still be record in the table > > as he was still online ...so we need to modify the record, but how to ? can > > freeradius judge it by > > itself, or how to judge the user if offline ? > > > > -- > > Spacelee > > > > > > > > -- > > Spacelee > > > -- > Anton [WARM-RIPE] > Stack ltd division head > tel. 8 (3822) 555-797 > > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > > > > -- > Spacelee -- Anton [WARM-RIPE] Stack ltd division head tel. 8 (3822) 555-797 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html