Re: Simultaneous-Use per NAS
On 8/30/07, Svend Eriksen [EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
I'm sorry, but I dont understand what you mean. Can you please explain? reg Svend [EMAIL PROTECTED] skrev: Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
http://wiki.freeradius.org/Rlm_sql Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: I'm sorry, but I dont understand what you mean. Can you please explain? reg Svend [EMAIL PROTECTED] skrev: Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
I've got through the same problem, and based in some help I got here from the list I managed to solve the problem with a simple change to sql.conf, modifying the simul_count_query. The original entry: simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 The one I use: simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0 AND NASIPAddress = '%{ NAS-IP-Address}' Basically, all I am doing is checking if the user is already logged specifically in the current NAS. Just an extra note: You will probably need to play a little with the hints, proxy and users files to get the behavior you wish. In our case, due to some policies from the university, in some NAS we wanted users to type their domains, in other NAS we wanted them without domain. Took some time to make it work Roberto [EMAIL PROTECTED] wrote: http://wiki.freeradius.org/Rlm_sql Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] pi¹e: I'm sorry, but I dont understand what you mean. Can you please explain? reg Svend [EMAIL PROTECTED] skrev: Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] pi¹e: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - -- - Marcos Roberto Greiner Os otimistas acham que estamos no melhor dos mundos Os pessimistas tem medo de que isto seja verdade Murphy - - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use per NAS
Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: simultaneous-use per NAS
Marc Boisis-Delavaud wrote: Is it possible to allow only one authentication per NAS but not allow many authentication on the same NAS per user ? Yes. But you'll have to manage that DB yourself. With a little bit of code changes to rlm_radutmp, you could make the filename configurable, and use the NAS IP as part of the filename. That should get what you want automatically. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html