Hello, I am trying to get our radius servers to authenticate a virtual ISP request. When we have the Simultaneous-Use attribute in radcheck it ALWAYS fails with a Multiple login error, no matter how may Simultaneous-Use I give it. It always says there are more logins then the number I have. I have debugging on the radcheck script and it returns that there is no one logged in.
Things work fine for all our own dial equipment, ascends, cicsos, portmaster, TNTs, etc. First here is the debug from when connecting from them: Next will be the debug from when connecting from out test Ascend. (we have a custom module that appends the domain name to a username if they don't supply it based off of the IP address of the NAS, ignore that stuff) rad_recv: Access-Request packet from host 170.147.113.49:58771, id=46, length=114 User-Name = "[EMAIL PROTECTED]" User-Password = "icgtest" NAS-IP-Address = 170.147.113.13 NAS-Port = 16930 Service-Type = Framed-User Framed-Protocol = PPP Called-Station-Id = "2143799633" Calling-Station-Id = "7034816192" NAS-Port-Type = Async modcall: entering group authorize modcall[authorize]: module "preprocess" returns ok rlm_realm: Looking up realm trueband.net for User-Name = "[EMAIL PROTECTED]" rlm_realm: No such realm trueband.net modcall[authorize]: module "suffix" returns noop modcall: entering group group radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql1): sql_set_user escaped user --> '[EMAIL PROTECTED]' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql1): Reserving sql socket id: 14 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql1): Released sql socket id: 14 modcall[authorize]: module "sql1" returns ok modcall: group group returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'}' radius_xlat: Running registered xlat function of module sql1 for string 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' rlm_sql (sql1): - sql_xlat radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' rlm_sql (sql1): Reserving sql socket id: 13 rlm_sql (sql1): - sql_xlat finished rlm_sql (sql1): Released sql socket id: 13 radius_xlat: '18' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=36000, counter=18 rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED], Type=Session-Timeout, value=28800 modcall[authorize]: module "dailycounter" returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'}' radius_xlat: Running registered xlat function of module sql1 for string 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' rlm_sql (sql1): - sql_xlat radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' rlm_sql (sql1): Reserving sql socket id: 12 rlm_sql (sql1): - sql_xlat finished rlm_sql (sql1): Released sql socket id: 12 radius_xlat: '18' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=144000, counter=18 rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED], Type=Session-Timeout, value=28800 modcall[authorize]: module "monthlycounter" returns ok users: Matched DEFAULT at 146 users: Matched DEFAULT at 165 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password modcall: entering group session radius_xlat: '[EMAIL PROTECTED]' radutmp: using user-name [EMAIL PROTECTED] domain trueband.net radutmp: Using radutmp SQL, return code: 1 modcall[session]: module "radutmp" returns ok modcall: group session returns ok Multiple logins (max 1) : [EMAIL PROTECTED]/icgtest] (from client sc02_dai-tx.trueband.net port 1593 cli 7034816192) And Here is a request from our inhouse Ascend: rad_recv: Access-Request packet from host 12.1.235.252:1025, id=175, length=97 User-Name = "[EMAIL PROTECTED]" User-Password = "icgtest" NAS-IP-Address = 12.1.235.252 NAS-Port = 20401 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP State = 0x Acct-Session-Id = "40043No such realm trueband.net modcall[authorize]: module "suffix" returns noop modcall: entering group group radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: '[EMAIL PROTECTED]' rlm_sql (sql1): sql_set_user escaped user --> '[EMAIL PROTECTED]' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' rlm_sql (sql1): Reserving sql socket id: 6 radius_xlat: 'SELECT radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupche ck.Value,radgroupcheck.op FROM radgroupcheck,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE Username = '[EMAIL PROTECTED]' ORDER BY id' radius_xlat: 'SELECT radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgrouprep ly.Value,radgroupreply.op FROM radgroupreply,usergroup WHERE usergroup.Username = '[EMAIL PROTECTED]' AND usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id' rlm_sql (sql1): Released sql socket id: 6 modcall[authorize]: module "sql1" returns ok modcall: group group returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'}' radius_xlat: Running registered xlat function of module sql1 for string 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' rlm_sql (sql1): - sql_xlat radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1045785600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1045785600'' rlm_sql (sql1): Reserving sql socket id: 5 rlm_sql (sql1): - sql_xlat finished rlm_sql (sql1): Released sql socket id: 5 radius_xlat: '18' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=36000, counter=18 rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED], Type=Session-Timeout, value=28800 modcall[authorize]: module "dailycounter" returns ok rlm_sqlcounter: Entering module authorize code sqlcounter_expand: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='%{User-Name}%{atdomain:%n}' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' radius_xlat: Running registered xlat function of module atdomain for string '%n' rlm_sql: sql_domain_xlat radius_xlat: '[EMAIL PROTECTED]' sql_domain_xlat: User [EMAIL PROTECTED] already has a domain name radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' sqlcounter_expand: '%{sql1:SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'}' radius_xlat: Running registered xlat function of module sql1 for string 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' rlm_sql (sql1): - sql_xlat radius_xlat: 'SELECT SUM(AcctSessionTime - GREATEST((1044057600 - UNIX_TIMESTAMP(AcctStartTime)), 0)) FROM radacct WHERE UserName='[EMAIL PROTECTED]' AND UNIX_TIMESTAMP(AcctStartTime) + AcctSessionTime > '1044057600'' rlm_sql (sql1): Reserving sql socket id: 4 rlm_sql (sql1): - sql_xlat finished rlm_sql (sql1): Released sql socket id: 4 radius_xlat: '18' rlm_sqlcounter: (Check item - counter) is greater than zero rlm_sqlcounter: Authorized user [EMAIL PROTECTED], check_item=144000, counter=18 rlm_sqlcounter: Sent Reply-Item for user [EMAIL PROTECTED], Type=Session-Timeout, value=28800 modcall[authorize]: module "monthlycounter" returns ok users: Matched DEFAULT at 146 users: Matched DEFAULT at 165 users: Matched DEFAULT at 177 modcall[authorize]: module "files" returns ok modcall[authorize]: module "mschap" returns noop modcall: group authorize returns ok rad_check_password: Found Auth-Type Local auth: type Local auth: user supplied User-Password matches local User-Password modcall: entering group session radius_xlat: '[EMAIL PROTECTED]' radutmp: using user-name [EMAIL PROTECTED] domain trueband.net radutmp: Using radutmp SQL, return code: 0 modcall[session]: module "radutmp" returns ok modcall: group session returns ok Login OK: [EMAIL PROTECTED]/icgtest] (from client nrtctestmax2.trueband.net port 69) Sending Access-Accept of id 175 to 12.1.235.252:1025 NAS-Port-Type = Async Service-Type = Framed-User Framed-Protocol = PPP Framed-Routing = None Ascend-Route-IP = Route-IP-Yes Ascend-Assign-IP-Pool = 0 Ascend-Idle-Limit = 900 Ascend-Metric = 2 Session-Timeout = 15840 Idle-Timeout = 3600 Framed-IP-Address = 255.255.255.254 Framed-MTU = 576 Framed-Compression = Van-Jacobson-TCP-IP Finished request 6 Going to the next request - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html