Re[2]: configuration freeradius for no simultaneous use
Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. 02 декабря 2011, 11:49 от Alan DeKok-2 [via FreeRadius] ml-node+s1045715n5040921...@n5.nabble.com: [hidden email] wrote: i need your help in configuration freeradius for no simultaneous use. doc/Simultaneous-Use See also the Wiki. Have you read that documentation and followed the instructions there? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5040921.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041046.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[2]: configuration freeradius for no simultaneous use
On Fri, Dec 2, 2011 at 3:37 PM, tolik_shavlov...@mail.ru tolik_shavlov...@mail.ru wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. -- FAN - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[4]: configuration freeradius for no simultaneous use
Dear Alan, i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? 02 декабря 2011, 12:43 от Fajar A. Nugraha l...@fajar.net: On Fri, Dec 2, 2011 at 3:37 PM, tolik_shavlov...@mail.ru tolik_shavlov...@mail.ru wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. -- FAN - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Re[4]: configuration freeradius for no simultaneous use
2011/12/2 Толик Шавловский tolik_shavlov...@mail.ru: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha l...@fajar.net: On Fri, Dec 2, 2011 at 3:37 PM, tolik_shavlov...@mail.ru tolik_shavlov...@mail.ru wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: configuration freeradius for no simultaneous use
Fajar, thanks. I understand how to search. 02 декабря 2011, 13:53 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5041277...@n5.nabble.com: 2011/12/2 Толик Шавловский [hidden email]: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha [hidden email]: On Fri, Dec 2, 2011 at 3:37 PM, [hidden email] [hidden email] wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041322.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[7]: configuration freeradius for no simultaneous use
Hi again, as i found naslist and naspass are old configuration files, now their functionality is used in clients.conf file. So, i indicated nastype = cisco will freeradius connect to nas in this case? 02 декабря 2011, 14:39 от tolik_shavlov...@mail.ru tolik_shavlov...@mail.ru: Hi, according to doc: === 3. IMPLEMENTATION The server keeps a list of logged-in users in the /var/log/radutmp file. This is also called the session database. When you execute radwho, all that radwho really does is list the entries in this file in a pretty format. Only when someone tries to login who _already_ has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session. The script uses SNMP for Livingston Portmasters and Ciscos, finger for Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC. Since the script has been witten in perl, it's easy to adjust for any type of terminal server. There are implementations in the script for checks using SNMP, finger, and telnet, so it should be easy to add your own check routine if your terminal server is not supported yet. You can find the script in the file src/checkrad.pl. You need to set the correct type in the file /etc/raddb/naslist so that checkrad KNOWS how it should interrogate the terminal server. At this time you can define the following types: = my /usr/local/etc/raddb doesn't has naslist ans naspassword files. If i configure them manually, so freeradius will connect to NAS (we use cisco) via snmp and check user session? So, in such way i don't need script? thanks. 02 декабря 2011, 13:53 от Fajar A. Nugraha-2 [via FreeRadius] [hidden email]: 2011/12/2 Толик Шавловский [hidden email]: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha [hidden email]: On Fri, Dec 2, 2011 at 3:37 PM, [hidden email] [hidden email] wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: Re[6]: configuration freeradius for no simultaneous use Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuration freeradius for no simultaneous use
Толик Шавловский wrote: So, i indicated nastype = cisco will freeradius connect to nas in this case? Only if the server receives accounting packets, AND a user session is still open, AND that user tries to log in a second time from a different location. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re[6]: configuration freeradius for no simultaneous use
Hi, according to doc: === 3. IMPLEMENTATION The server keeps a list of logged-in users in the /var/log/radutmp file. This is also called the session database. When you execute radwho, all that radwho really does is list the entries in this file in a pretty format. Only when someone tries to login who _already_ has an active session according to the radutmp file, the server executes the perl script /usr/local/sbin/checkrad (or /usr/sbin/checkrad, it checks for the presence of both and in that order). This script queries the terminal server to see if the user indeed already has an active session. The script uses SNMP for Livingston Portmasters and Ciscos, finger for Portslave, Computone and Ascend, and Net::Telnet for USR/3Com TC. Since the script has been witten in perl, it's easy to adjust for any type of terminal server. There are implementations in the script for checks using SNMP, finger, and telnet, so it should be easy to add your own check routine if your terminal server is not supported yet. You can find the script in the file src/checkrad.pl. You need to set the correct type in the file /etc/raddb/naslist so that checkrad KNOWS how it should interrogate the terminal server. At this time you can define the following types: = my /usr/local/etc/raddb doesn't has naslist ans naspassword files. If i configure them manually, so freeradius will connect to NAS (we use cisco) via snmp and check user session? So, in such way i don't need script? thanks. 02 декабря 2011, 13:53 от Fajar A. Nugraha-2 [via FreeRadius] ml-node+s1045715n5041277...@n5.nabble.com: 2011/12/2 Толик Шавловский [hidden email]: Dear Alan, I assume you want help from anyone, not just Alan, so I'll add some comments here. i am not good acquainted with freeradius. So, from doc/Simultaneous-use i understood that freeradius requres script, which will connect to NAS and check user session. Am i right? That's one way to do that (and possibly the most accurate way). But not the ONLY way. You can make it work without the script, if you store accounting data in sql. See (for example) raddb/sql/mysql/dialup.conf, look for simul_count_query and simul_verify_query. But again, you need to store accounting data for it to work. -- Fajar 02 декабря 2011, 12:43 от Fajar A. Nugraha [hidden email]: On Fri, Dec 2, 2011 at 3:37 PM, [hidden email] [hidden email] wrote: Dear Alan, i added Simultaneous-Use = 1 to user profile in users file. Did you read the doc? Or the reply I sent earlier? It requires MORE than just that. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html -- If you reply to this email, your message will be added to the discussion below: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041277.html To unsubscribe from configuration freeradius for no simultaneous use, click here. NAML -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5041384.html Sent from the FreeRadius - User mailing list archive at Nabble.com.- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
configuration freeradius for no simultaneous use
Hi, i need your help in configuration freeradius for no simultaneous use. So, i need one active user per login/password. I configured user as follow: te...@wimax.com Cleartext-Password := test Framed-Filter-Id = SP=data:MSF=data;, Simultaneous-Use = 1, but my WIMAX CPEs (also WiFi users) continue connecting with the same login/password. what can be the issue? thanks Anatolii -- View this message in context: http://freeradius.1045715.n5.nabble.com/configuration-freeradius-for-no-simultaneous-use-tp5040887p5040887.html Sent from the FreeRadius - User mailing list archive at Nabble.com. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuration freeradius for no simultaneous use
On Fri, Dec 2, 2011 at 2:31 PM, tolik_shavlov...@mail.ru tolik_shavlov...@mail.ru wrote: Hi, i need your help in configuration freeradius for no simultaneous use. simultanouse use limit is somewhat ... awkward. So, i need one active user per login/password. I configured user as follow: te...@wimax.com Cleartext-Password := test Framed-Filter-Id = SP=data:MSF=data;, Simultaneous-Use = 1, but my WIMAX CPEs (also WiFi users) continue connecting with the same login/password. what can be the issue? For starters: - do you have accounting active? some setups (e.g. some types of wireless AP with radius/802.1x auth) can't send accounting. simultaneous use check can't work in that setup - do you have some kind of simultaneous check active, either with sql/radutmp/whatever? See raddb/sites-available/default, look for session section. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: configuration freeradius for no simultaneous use
tolik_shavlov...@mail.ru wrote: i need your help in configuration freeradius for no simultaneous use. doc/Simultaneous-Use See also the Wiki. Have you read that documentation and followed the instructions there? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html