On Fri, 19 Sep 2003 11:8:55 +0800
[EMAIL PROTECTED] wrote:
test Auth-Type = Crypt-Local, Crypt-Password == $1$YoWRpiSV$QsHmtOSFoOGEw4i7LjaLV/,
Simultaneous-Use := 1
Hi all!
How to configure some accounts be limited to only one login at a time and some
not?
see /doc/Simultaneous-Use
Am Fre, 2003-09-19 um 05.08 schrieb :
Hi all!
How to configure some accounts be limited to only one login at a time and some
not?
EMAIL:[EMAIL PROTECTED]
TEL:020-87114020 020-87114021
2003-09-19
-
I don't know for sure about DB2 and Postgres but databases I am familiar
with (Oracle, SqlServer, MySql) have the ability to export and import
tables via csv files. That would let you move the data. There are
also some commercial utilities to let you do it, and there are ODBC
drivers available
DB) for logging purposes..
Any more suggestions? :)
Thanks
Ali
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of
Tim McCracken
Sent: Thursday, July 17, 2003 16:51
To: [EMAIL PROTECTED]
Subject: RE: Simultaneous use of two DBs
I don't know
Define 2 db instances.
Use one for autentication and the other for accounting.
Joao Frade
-Original Message-
From: Ali Gunduz [mailto:[EMAIL PROTECTED]
Sent: quinta-feira, 17 de Julho de 2003 14:59
To: [EMAIL PROTECTED]
Subject: RE: Simultaneous use of two DBs
Well, I'm sure
On Fri, Jun 20, 2003 at 11:57:46AM +0300, gunce ciftci wrote:
Dear list,
I am using (v0.8.1)
simultaneous-use attribute with Bay RAC 8000 without problems.
Users also get and see the You are already logged in - access denied
message through NAS-Prompt when they are trying to connect beyond
Alexander,
Users' native language is Turkish which uses Latin alphabet
so,luckily, ascii characters will do good.
And yes it would be nice to have customizable messages :)
Thanks,
Gunce
On Fri, 20 Jun 2003, Alexander M. Pravking wrote:
On Fri, Jun 20, 2003 at 11:57:46AM +0300, gunce ciftci
If configured correctly the Simultaneous-Use =1 parameter will limit
simultaneous logins into THAT RADIUS server to 1. If you have 1 or
fifty NAS devices pointed at the same RADIUS server with
Simultaneous-Use = 1 set for a user, that user will only be allowed to
login once no matter which
Ross Reed [EMAIL PROTECTED] wrote:
We are currently doing national dialup(freeradius 0.8.1 w/ mysql for
auth/acct) , but with no access to the national NAS's. Since radwho seems to
be flaky at times (radutmp seems to get dupes in it) Is there anyone out
there doing Simultaneous-Use another
of the records for that username will
be ended with the same AcctStopTime entered into the MySQL database, and
every entry for that username has been stopped.
Ed
From: Scott Bartlett [EMAIL PROTECTED]
To: Ed H [EMAIL PROTECTED]
Subject: RE: Simultaneous-Use + MySQL + NTRadPing
Date: Tue, 18 Mar
Ed H [EMAIL PROTECTED] wrote:
I am sending accounting (start/stop). But what happens is the same username
will be recorded multiple times in the MySQL database with a new
AcctStartTime for each entry. I can do this multiple times with the
Accounting Start packet sent from NTRadPing
I
On Fri, 14 Mar 2003, Kristina Pfaff-Harris wrote:
Okay, this is really bizarre. After awhile, Simultaneous-Use just stops
working and lets people log on more than once. (I haven't figured out how
long awhile is at the moment. Definitely overnight, possibly a couple of
hours.) At that point,
At 03:54 PM 3/11/2003 +0500, Eric wrote:
I'm using mysql authentication scheme.
As shown in documentation i'm set in radgroupcheck table such row:
groupname | parameter | op| value|
-
test|Simultaneous-Use | :=
If checkrad is run, and returns that the user is *not* online, does it
automatically zap them from radutmp?
Thanks,
Justin Wheeler
[EMAIL PROTECTED]
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Justin Wheeler [EMAIL PROTECTED] wrote:
If checkrad is run, and returns that the user is *not* online, does it
automatically zap them from radutmp?
Yes.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
On Thu, 20 Feb 2003, Justin Wheeler wrote:
my naslist has the nas that the first connection is connected to in it,
and it is listed as livingston.
In clients.conf, do you have
nastype = livingston
for that nas entry?
Kristina
-
List info/subscribe/unsubscribe? See
Justin Wheeler [EMAIL PROTECTED] wrote:
Instead of spending all that time with the checklogin.pl script, I'm
wondering if there's any issue with finding duplicate logins via the
following:
A user attempts to login -- but there's already a record of login for that
user.
I grab that IP
Am I missing anything?
IMHO, I wouldn't introduce the combined latency and fallability of ICMP
request/response packet processing and SNMP query/response handling into the
authentication/authorization process. It seems vulnerable to failure and lacking in
scalability.
ICMP packets dropped
[EMAIL PROTECTED] wrote:
The 'callback' phase takes some time and at this point there is no
radutmp record yet (in contrast at NAS there is such record). Imagine
that during 'callback' someone another tries to login with the same
account. So radiusd will not check NAS for twice login and will
Joshua Corbin [EMAIL PROTECTED] wrote:
I got Simultaneous-Use working with a MySQL setup and though I would
tell you all how I got it to work in case anyone has any questions:
That's good to hear.
Just make sure that checkrad works with your setup; I had to change my
SNMP read community,
Hi all !,
Joshua, I tried that, it works OK !.
Thank you,
Jorge.
JC Greetings,
JC I got Simultaneous-Use working with a MySQL setup and though I would
JC tell you all how I got it to work in case anyone has any questions:
JC Read http://www.freeradius.org/radiusd/doc/Simultaneous-Use
JC I
Ok I will try an out of the blue help attempt. First of all , I like
radutmp, it might be slower, but it is a well defined interface
without the MYSQL -ANYSQL layer of complexity added to it.
in other words ADD radutmp in the session section.
next add the entries in naslist and naspassword for
Hi again, I need to have some solution about this, Chris can you
helpme ?, any one on the list please ?
Thank you very much.
JM Chris,
JM thank for your answer,
JM I put radius on debug mode, then called nas (Total Control
JM w/HiperArc) as a user that where connected, but I
Chris,
thank for your answer,
I put radius on debug mode, then called nas (Total Control
w/HiperArc) as a user that where connected, but I don't see any error
and the request have not been rejected.
Below is the result of debug mode.
After that you have again radiusd.conf.
At 09:07 AM 10/17/2002 -0300, Jorge Minassian wrote:
Hi all !,
I am having some trouble about simultaneous connnection.
I can not see where would be the error on configuration, if any, and did
not get nothing browsing docs, faqs, etc, that were applicable to my config.
Can some one give some
Funk, Michael [EMAIL PROTECTED] wrote:
I am unable to make the attributes in the users file take affect, like
Simultaneous-Use :=1
Here's what I have in users
DEFAULT Service-Type == Framed-User
Framed-IP-Address = 255.255.255.254,
Simultaneous-Use := 1,
Run it in
At 01:34 PM 9/12/2002 -0400, you wrote:
I am using a bastardized approach to rlm_sql
I am using a customized query to use the data in a vpopmail table for radius
auth. I have about everything commented out in sql.conf, except for the
bare necessities to lookup names...
I am unable to make the
: Simultaneous Use
At 01:34 PM 9/12/2002 -0400, you wrote:
I am using a bastardized approach to rlm_sql
I am using a customized query to use the data in a vpopmail table for
radius
auth. I have about everything commented out in sql.conf, except for the
bare necessities to lookup names...
I am unable
files, not accounting tables, to check for an open session and deny a
new request?
-Original Message-
From: Chris Brotsos [mailto:[EMAIL PROTECTED]]
Sent: Thursday, September 12, 2002 12:58 PM
To: [EMAIL PROTECTED]
Subject: Re: Simultaneous Use
At 01:34 PM 9/12/2002 -0400
: Simultaneous Use
At 01:34 PM 9/12/2002 -0400, you wrote:
I am using a bastardized approach to rlm_sql
I am using a customized query to use the data in a vpopmail table for
radius
auth. I have about everything commented out in sql.conf, except for the
bare necessities to lookup names...
I am unable
Funk, Michael [EMAIL PROTECTED] wrote:
I'm being told by other sources that you must have SNMP access to the NAS in
order for Simultaneous-Use and Port-Limit to work.
No. Port-Limit is an attribute that the RADIUS server sends to the
NAS. If the NAS ignores it, there's nothing that the
Dave Brodin [EMAIL PROTECTED] wrote:
From looking at how things work with FreeRADIUS, it seems like the
Simultaneous-Use function would only work if the authentication and
accounting servers are the same so RADIUS has access to the radutmp file
at authentication time. Is that correct?
Try the following:
1. Add Fall-Through = 1 in reply items.
2. Check if you have SNMP access rights to the NAS.
3. Read Simultaneous-Use document.
4. Check if there is the following section in radius.conf
session {
radutmp
}
5. Run checkrad script manual to
Justin Ainsworth [EMAIL PROTECTED] wrote:
Is it possible to only enforce Simultaneous use, based on the huntgroup
that the client is in?
Yes.
DEFAULT Huntgroup-Name == foo, Simultaneous-Use := 1
...
That will apply to each user in the huntgroup.
Alan DeKok.
-
List
ok, i found that it works, but only for the last logged-in user. i think
there's a problem with my radutmp file. it seesm it only remembers the last
logged-in user. when i do radwho i get only one user, the last logged-in.
i'm running on freebsd 4.5 with freeradius 0.5.
any ideas?
thanks :)
| Framed-MTU | 576| = |
++---++-+--+
From: yoav [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: simultaneous-use mysql
Date: Sat, 30 Mar 2002 19:12:35 +0300
hey
still doesn't work for me.
checkrad reports that double detected, so it works. but still users are able
to connect more than once. here is the radgroupcheck table:
++---+--+---+--+
| id | GroupName | Attribute| Value | op |
| = |
++---+--+---+--+
From: yoav [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: simultaneous-use mysql
Date: Sat, 30 Mar 2002 13:54:34 +0300 (IDT)
hey
still doesn't work for me.
checkrad reports that double detected, so it works
: yoav [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED]
Subject: Re: simultaneous-use mysql
Date: Sat, 30 Mar 2002 13:54:34 +0300 (IDT)
hey
still doesn't work for me.
checkrad reports that double detected, so it works. but still users are
able
to connect
what should i put in the op column? what's it for?
At 09:15 AM 3/26/2002 -0500, Randy Moore wrote:
Hi,
Do you have radutmp in your accounting and sessions blocks in
radiusd.conf?
What does radiusd -X report from the sessions module?
At 02:44 PM 3/26/2002 +0200, you wrote:
hello
i can't get
hey
yes i do have radutmp. though when i type radwho i only see the last
connected user.
what should i look for when i do radiusd -X? i couldn't find anything about
session except for some sql commands.
Hi,
Do you have radutmp in your accounting and sessions blocks in
radiusd.conf?
What
At 12:21 PM 3/27/2002 +0200, yoav wrote:
what should i put in the op column? what's it for?
It is the operator column that tells you what type of operator to use.
IE, if you would use 'Simultaneous-Use := 1' in the users file, then you
must set the operator column to ':='.
It uses '==' by
Hi,
Do you have radutmp in your accounting and sessions blocks in radiusd.conf?
What does radiusd -X report from the sessions module?
At 02:44 PM 3/26/2002 +0200, you wrote:
hello
i can't get Simultaneous-Use to work.
checkrad works well. it returns:
yoavb matches yoavb on port slot:2/mod:4
At 09:15 AM 3/26/2002 -0500, Randy Moore wrote:
Hi,
Do you have radutmp in your accounting and sessions blocks in radiusd.conf?
What does radiusd -X report from the sessions module?
At 02:44 PM 3/26/2002 +0200, you wrote:
hello
i can't get Simultaneous-Use to work.
checkrad works well. it
I am having exactly the same problem as below...
Could anyone make it work ?
Hi,
Trying to restrict a user to only one 'Simultaneous-Use' and I get the
error in debug ::
rlm_sql: Pairs do not match [testuser]
modcall[authorize]: module sql returns notfound
modcall: group authorize
, February 11, 2002 2:15 PM
Subject: Re: Simultaneous Use not working
Are you using realms? If so, you'll need to get a current CVS
snapshot. Even v 0.4 will not work. (radutmp stores the username with
the realm stripped, but the checksimul routine looks for usernames
without the realm
PROTECTED]
Sent: Monday, February 11, 2002 2:15 PM
Subject: Re: Simultaneous Use not working
Are you using realms? If so, you'll need to get a current CVS
snapshot. Even v 0.4 will not work. (radutmp stores the username with the
realm stripped, but the checksimul routine looks for usernames
Are you using realms? If so, you'll need to get a current CVS
snapshot. Even v 0.4 will not work. (radutmp stores the username with the
realm stripped, but the checksimul routine looks for usernames without the
realm stripped).
There are *lots* of fixes to the SQL handling code, even since
PROTECTED]
Sent: Monday, February 11, 2002 2:15 PM
Subject: Re: Simultaneous Use not working
Are you using realms? If so, you'll need to get a current CVS
snapshot. Even v 0.4 will not work. (radutmp stores the username with the
realm stripped, but the checksimul routine looks for usernames
On Sun, 30 Dec 2001, Gary Barnden wrote:
Hello all,
Following is the DEFAULT entry for one of my Access Servers and one
MultiLink PPP customer. Now for all non-MultiLink PPP customers this
configuration works like a charm.
However, it does not work for MultiLink PPP customers
mppp1
Eric,
Thanks much for the pointer. I've got it working now.
For the record, the patch is not necessary if you upgrade to freeradius v
0.4, but the mysql schema and the distribution sql.conf files have not been
updated to make use of the new capabilities.
I'm submitting a patch file to
Here is the error message i've got when executing radiusd -X :
rlm_sql: Released sql socket id: 4
rlm_sql: Pairs do not match [toto]
modcall[authorize]: module sql returns notfound
modcall: group authorize returns notfound
auth: No Auth-Type configuration for the request, rejecting the user
---
authorize {
preprocess
files
}
authenticate{
sql
}
...
session {
radutmp
}
---
Thanks
Bogdan
- Original Message -
From: Bogdan [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, November 09, 2001 7:13 PM
Subject: Re: Simultaneous-Use
Hi guys
I down
Hi guys
I down loaded the latest CVS 20011108, installed and restarted the comp.
but Simultaneous-Use := 1 still does not work, i can login as a second user
Just to explain
i use authenticate (username/password) from sql but i use users file for defaults,
is it OK to use it like this?
It would also be nice if you add some words about radwatch to
/doc/supervise-radiusd.txt
Suggested text ... ??
Here is the diff.
[root@bb-sv doc]# diff supervise-radiusd.txt.old supervise-radiusd.txt
14c14,15
either Dan Bernstein's 'daemontools' package or the inittab file.
---
Hi!
Nikolay P. Romanyuk [EMAIL PROTECTED] wrote:
P.S. I am very sorry, but letters to '[EMAIL PROTECTED]'
without replies.
I've been a little busy, sorry. Send the patches to the list, so
everyone else can see them, too.
I have a patches fixing detecting PostgreSQL on
Nikolay P. Romanyuk [EMAIL PROTECTED] wrote:
P.S. I am very sorry, but letters to '[EMAIL PROTECTED]'
without replies.
I've been a little busy, sorry. Send the patches to the list, so
everyone else can see them, too.
I have a patches fixing detecting PostgreSQL on
FreeBSD-4.X
Those I
Andrew Melnikov [EMAIL PROTECTED] wrote:
It would also be nice if you add some words about radwatch to
/doc/supervise-radiusd.txt
Suggested text ... ??
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
We had that when we deleted radutmp from radiusd.conf session
i belive radius uses it to record who's on you might need this in accounting section
too
check if you have that entry there
session {
radutmp
}
- Original Message -
From: Andrew Melnikov [EMAIL PROTECTED]
To: [EMAIL
Andrew Melnikov [EMAIL PROTECTED] wrote:
First, in /doc/Simultaneous-Use file I can see the following:
...
That's wrong. I'll correct it now.
It would also be nice if you add some words about radwatch to
/doc/supervise-radiusd.txt
...
Grab the CVS snapshot from tonight, and take a
At 03:52 PM 10/2/2001 +0200, you wrote:
Hello,
I can't get Simultaneous-Use working. I use portslave as NAS. I have
ctlportslave running as fingerd. checkrad perl script works fine when I run
it manually. But it is never run by freeradius. I think this is because I
don't understand the meaning
At 08:29 PM 10/2/2001 +0600, you wrote:
On Tue, Oct 02, 2001 at 01:46:38PM +0100, Sergey V. Sichevsky wrote:
MHAH Simultanous-Use and Login-Time does not work with rlm_sql modules
MHAH without a minor change in source code.
Can I define this parameter w/o changes in code?
In
Andrew Melnikov [EMAIL PROTECTED] wrote:
First, in /doc/Simultaneous-Use file I can see the following:
...
That's wrong. I'll correct it now.
So, something in the documentation is incorrect. Can somebody tell me what
should I change in my users file to make simultaneous logins limit
èÕ ÉÚ ÚÉÓØ, äÒÉÎËÉÎÓ?
éÃ Ü Sergey V. Sichevsky [[EMAIL PROTECTED]] ×ÒÏÔÅ:
If I define it in in radcheck or radgroupcheck tables FreeRADIUS
says:
[skip]
rlm_sql: Pairs do not match [test]
You must wrote 'Simultaneous-Use = 1' into radreply (radgroupreply) also.
Some question for
BJ Mayhan [EMAIL PROTECTED] wrote:
I am having the same problem limiting users. I am using freeradius 0.1
also. I am running it on a linux box. I have tried some of the same
combinations you have with no sucess. I was told at one time that I had to
check the naspasswd file to allow
65 matches
Mail list logo