Hello,
I am trying to get our radius servers to authenticate a virtual ISP request.
When we have the Simultaneous-Use attribute in radcheck it ALWAYS fails with
a Multiple login error, no matter how may Simultaneous-Use I give it. It
always says there are more logins then the number I have. I have debugging
on the radcheck script and it returns that there is no one logged in.
Things work fine for all our own dial equipment, ascends, cicsos,
portmaster, TNTs, etc.
First here is the debug from when connecting from them: Next will be the
debug from when connecting from out test Ascend. (we have a custom module
that appends the domain name to a username if they don't supply it based off
of the IP address of the NAS, ignore that stuff)
rad_recv: Access-Request packet from host 170.147.113.49:58771, id=46,
length=114
User-Name = "[EMAIL PROTECTED]"
User-Password = "icgtest"
NAS-IP-Address = 170.147.113.13
NAS-Port = 16930
Service-Type = Framed-User
Framed-Protocol = PPP
Called-Station-Id = "2143799633"
Calling-Station-Id = "7034816192"
NAS-Port-Type = Async
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
rlm_realm: Looking up realm trueband.net for User-Name =
"[EMAIL PROTECTED]"
rlm_realm: No such realm trueband.net
modcall[authorize]: module "suffix" returns noop
modcall: entering group group
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql1): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql1): Reserving sql socket id: 14
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql1): Released sql socket id: 14
modcall[authorize]: module "sql1" returns ok
modcall: group group returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime -
GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600'}'
radius_xlat: Running registered xlat function of module sql1 for string
'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
rlm_sql (sql1): - sql_xlat
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
rlm_sql (sql1): Reserving sql socket id: 13
rlm_sql (sql1): - sql_xlat finished
rlm_sql (sql1): Released sql socket id: 13
radius_xlat: '18'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=36000,
counter=18
rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED],
Type=Session-Timeout, value=28800
modcall[authorize]: module "dailycounter" returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime -
GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600'}'
radius_xlat: Running registered xlat function of module sql1 for string
'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
rlm_sql (sql1): - sql_xlat
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
rlm_sql (sql1): Reserving sql socket id: 12
rlm_sql (sql1): - sql_xlat finished
rlm_sql (sql1): Released sql socket id: 12
radius_xlat: '18'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=144000,
counter=18
rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED],
Type=Session-Timeout, value=28800
modcall[authorize]: module "monthlycounter" returns ok
users: Matched DEFAULT at 146
users: Matched DEFAULT at 165
users: Matched DEFAULT at 177
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group session
radius_xlat: '[EMAIL PROTECTED]'
radutmp: using user-name [EMAIL PROTECTED] domain trueband.net
radutmp: Using radutmp SQL, return code: 1
modcall[session]: module "radutmp" returns ok
modcall: group session returns ok
Multiple logins (max 1) : [EMAIL PROTECTED]/icgtest] (from client
sc02_dai-tx.trueband.net port 1593 cli 7034816192)
And Here is a request from our inhouse Ascend:
rad_recv: Access-Request packet from host 12.1.235.252:1025, id=175,
length=97
User-Name = "[EMAIL PROTECTED]"
User-Password = "icgtest"
NAS-IP-Address = 12.1.235.252
NAS-Port = 20401
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
State = 0x
Acct-Session-Id = "40043No such realm trueband.net
modcall[authorize]: module "suffix" returns noop
modcall: entering group group
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: '[EMAIL PROTECTED]'
rlm_sql (sql1): sql_set_user escaped user --> '[EMAIL PROTECTED]'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
rlm_sql (sql1): Reserving sql socket id: 6
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche
ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = '[EMAIL PROTECTED]' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep
ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE
usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName =
radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql (sql1): Released sql socket id: 6
modcall[authorize]: module "sql1" returns ok
modcall: group group returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime -
GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600'}'
radius_xlat: Running registered xlat function of module sql1 for string
'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
rlm_sql (sql1): - sql_xlat
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1045785600''
rlm_sql (sql1): Reserving sql socket id: 5
rlm_sql (sql1): - sql_xlat finished
rlm_sql (sql1): Released sql socket id: 5
radius_xlat: '18'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=36000,
counter=18
rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED],
Type=Session-Timeout, value=28800
modcall[authorize]: module "dailycounter" returns ok
rlm_sqlcounter: Entering module authorize code
sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
radius_xlat: Running registered xlat function of module atdomain for string
'%n'
rlm_sql: sql_domain_xlat
radius_xlat: '[EMAIL PROTECTED]'
sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime -
GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct
WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600'}'
radius_xlat: Running registered xlat function of module sql1 for string
'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
rlm_sql (sql1): - sql_xlat
radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 -
UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE
UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) +
AcctSessionTime > '1044057600''
rlm_sql (sql1): Reserving sql socket id: 4
rlm_sql (sql1): - sql_xlat finished
rlm_sql (sql1): Released sql socket id: 4
radius_xlat: '18'
rlm_sqlcounter: (Check item - counter) is greater than zero
rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=144000,
counter=18
rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED],
Type=Session-Timeout, value=28800
modcall[authorize]: module "monthlycounter" returns ok
users: Matched DEFAULT at 146
users: Matched DEFAULT at 165
users: Matched DEFAULT at 177
modcall[authorize]: module "files" returns ok
modcall[authorize]: module "mschap" returns noop
modcall: group authorize returns ok
rad_check_password: Found Auth-Type Local
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group session
radius_xlat: '[EMAIL PROTECTED]'
radutmp: using user-name [EMAIL PROTECTED] domain trueband.net
radutmp: Using radutmp SQL, return code: 0
modcall[session]: module "radutmp" returns ok
modcall: group session returns ok
Login OK: [EMAIL PROTECTED]/icgtest] (from client
nrtctestmax2.trueband.net port 69)
Sending Access-Accept of id 175 to 12.1.235.252:1025
NAS-Port-Type = Async
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-Routing = None
Ascend-Route-IP = Route-IP-Yes
Ascend-Assign-IP-Pool = 0
Ascend-Idle-Limit = 900
Ascend-Metric = 2
Session-Timeout = 15840
Idle-Timeout = 3600
Framed-IP-Address = 255.255.255.254
Framed-MTU = 576
Framed-Compression = Van-Jacobson-TCP-IP
Finished request 6
Going to the next request
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
