I want to prevent people from connecting with the same login more than
once in a wireless network with Cisco AP1100.
First, when I use radcheck I get results like this:

checkrad -d  cisco 195.220.107.35 981 SNMP 0
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.981
  user at port S981: Instance
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
  Returning 0 (login ok)
sentinelle raddb # checkrad -d  cisco 195.220.107.35 980 SNMP 0
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.980
  user at port S980: Instance
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
  Returning 0 (login ok)
sentinelle raddb # checkrad -d  cisco 195.220.107.35 900 SNMP 0
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.900
  user at port S900: Instance
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
  Returning 0 (login ok)
sentinelle raddb # checkrad -d  cisco 195.220.107.35 10 SNMP 0
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.10
  user at port S10:
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
  Returning 0 (login ok)
sentinelle raddb # checkrad -d  cisco 195.220.107.35 1000 SNMP 0
snmpget: /usr/bin/snmpget -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.1000
  user at port S1000: Instance
snpwalk: /usr/bin/snmpwalk -r 1 -t 5 -v2c -c 'xxxxxxx'
195.220.107.35 .iso.org.dod.internet.private.enterprises.9.10.19.1.3.1.1.3
  Returning 0 (login ok)
sentinelle raddb #

How should I understand this result?
It seems to me that NAS-Port and session id could be arbitrary,
because the NAS-Port of the last response from the server was 981, and
why does it tell me the same thing with NAS-Port = 1000?

Second, when someone is connected on one AP and tries to connect on
another AP, how will checkrad see the first connection?


Here is the AAA configuration of an AP:

aaa new-model
!
!
aaa group server radius rad_eap
 server xxx.xxx.xxx auth-port 1812 acct-port 1813
!
aaa group server radius rad_mac
!
aaa group server radius rad_acct
 server xxx.xxx.xxx auth-port 1812 acct-port 1813
!
aaa group server radius rad_admin
!
aaa group server tacacs+ tac_admin
!
aaa group server radius rad_pmip
!
aaa group server radius dummy
!
aaa authentication login default local
aaa authentication login eap_methods group rad_eap
aaa authentication login mac_methods local
aaa authorization exec default local 
aaa authorization ipmobile default group rad_pmip 
aaa accounting network acct_methods start-stop group radius
aaa session-id common

Thanks for the help,
Basile


-- 
bmathieu <[EMAIL PROTECTED]>

