I'm trying to use FreeRADIUS simultaneous use control. All requests are
proxied to another RADIUS server. However, I wanted FreeRADIUS to control
this.
From debug (radiusd -X) it looks to me that FreeRADIUS sends the request to
the other server before checking.
It worked once but I had to remove the configuration. Now I can't make it
work again...
I've posted the files which I think are relevant. If something is important
from radiusd.conf (which is too big for a polite post) please let me know. I
have no huntgroups or realms (outside the proxy.conf file) defined.
I've also included a debugged session of one of these cases. OK, you'll see
that the destination RADIUS server did block the simultaneous login, but I
need FreeRADIUS to do that (because it does it better when it works).
I could really use some help here. Thanks
--
Luiz Lima
Image Link Internet
http://www.imagelink.com.br
/etc/raddb/users
===
DEFAULT Auth-Type := System, Simultaneous-Use := 1
        Fall-Through = 1
===
/etc/raddb/proxy.conf
===
proxy server {
        synchronous = no
        retry_delay = 5
        retry_count = 3
        dead_time = 60
        default_fallback = no
}
realm NULL {
        type= radius
        authhost= 10.0.0.1:1645
        accthost= 10.0.0.1:1646
        secret = mypassword
}
===
/etc/raddb/attrs
===
DEFAULT
        Port-Limit := 1
===
debug
===
rad_recv: Access-Request packet from host 200.216.4.170:1645, id=195, length=70
        NAS-IP-Address = 200.216.95.212
        NAS-Port = 1342767363
        NAS-Port-Type = Virtual
        User-Name = user-login-here
        Password = \\K\\;\014\373\276h\267\361\225\201\376;A\204
rad_lowerpair: User-Name now 'user-login-here'
rad_lowerpair: Password now 'user-password-here'
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module attr_filter returns noop
    rlm_realm: Looking up realm NULL for User-Name = user-login-here
    rlm_realm: Found realm NULL
    rlm_realm: Adding Stripped-User-Name = user-login-here
    rlm_realm: Proxying request from user user-login-here to realm NULL
    rlm_realm: Adding Realm = NULL
    rlm_realm: Preparing to proxy authentication request to realm NULL
modcall[authorize]: module suffix returns updated
    users: Matched DEFAULT at 1
modcall[authorize]: module files returns ok
modcall: group authorize returns updated
Sending Access-Request of id 1 to 10.0.0.1:1645
        User-Name = user-login-here
        NAS-IP-Address = 200.216.95.212
        NAS-Port = 1342767363
        NAS-Port-Type = Virtual
        Password = }w\237\342\203\265\020\242\301q}\320\303\271RR
        Proxy-State = 195
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Reject packet from host 10.0.0.1:1645, id=1, length=61
        Proxy-State = 0x313935
        Reply-Message = Simultaneous login limit exceeded!
rad_lowerpair: Stripped-User-Name now 'user-login-here'
rad_lowerpair: Password now 'user-password-here'
Login incorrect (Home Server says so): [user-login-here/user-password-here] (from client 200-216-4-170 port 1342767363)
Delaying request 0 for 1 seconds
Finished request 0
Going to the next request
rl_next: returning NULL
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 200.216.4.170:1645, id=195, length=70
Sending Access-Reject of id 195 to 200.216.4.170:1645
        Reply-Message = Simultaneous login limit exceeded!
===
radwho -r
===
user-login-here,user-login-here,PPP,S1342767363,Fri 11:37,200.216.95.212,200.149.171.85
===
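
As an added example (not part of the original post and not FreeRADIUS code), this Python script reads a `radiusd -X` trace like the one above and reports which module groups ran locally and which server issued the reject. The trace lines are copied from the post as a constructed sample; treating a group named `session` as the sign of a local Simultaneous-Use check is an assumption based on the `session` section of radiusd.conf.

```python
import re

# Constructed sample: key lines copied from the debug trace in the post above.
TRACE = """\
rad_recv: Access-Request packet from host 200.216.4.170:1645, id=195,
modcall: entering group authorize
modcall[authorize]: module preprocess returns ok
modcall[authorize]: module attr_filter returns noop
rlm_realm: Preparing to proxy authentication request to realm NULL
modcall[authorize]: module suffix returns updated
modcall[authorize]: module files returns ok
modcall: group authorize returns updated
Sending Access-Request of id 1 to 10.0.0.1:1645
rad_recv: Access-Reject packet from host 10.0.0.1:1645, id=1, length=61
Sending Access-Reject of id 195 to 200.216.4.170:1645
"""

PATTERNS = [
    ("group", re.compile(r"^modcall: entering group (\S+)")),
    ("module", re.compile(r"^modcall\[(\S+)\]: module (\S+) returns (\S+)")),
    ("send", re.compile(r"^Sending (Access-\S+) of id \d+ to (\S+)")),
    ("recv", re.compile(r"^rad_recv: (Access-\S+) packet from host ([^,\s]+)")),
]

def timeline(trace):
    """Return ordered (kind, fields) events found in a radiusd -X trace."""
    events = []
    for line in trace.splitlines():
        for kind, rx in PATTERNS:
            m = rx.match(line.strip())
            if m:
                events.append((kind, m.groups()))
                break
    return events

def summarize(trace, home_server):
    """Report which groups ran locally and whether the home server rejected."""
    ev = timeline(trace)
    groups = [f[0] for k, f in ev if k == "group"]
    proxied = any(k == "send" and f == ("Access-Request", home_server) for k, f in ev)
    remote_reject = any(k == "recv" and f == ("Access-Reject", home_server) for k, f in ev)
    # Assumption: a local Simultaneous-Use check would appear as a "session" group.
    return {"groups": groups, "proxied": proxied,
            "remote_reject": remote_reject, "local_session_check": "session" in groups}

if __name__ == "__main__":
    print(summarize(TRACE, "10.0.0.1:1645"))
```

For the trace in the post, only the `authorize` group runs before the request is sent to 10.0.0.1:1645, and the reject comes back from that home server.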