Re: Simultaneous-Use per NAS
On 8/30/07, Svend Eriksen [EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
I'm sorry, but I dont understand what you mean. Can you please explain? reg Svend [EMAIL PROTECTED] skrev: Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
http://wiki.freeradius.org/Rlm_sql Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: I'm sorry, but I dont understand what you mean. Can you please explain? reg Svend [EMAIL PROTECTED] skrev: Make multiple sql instances - one for each NAS. Ivan Kalik Kalik Informatika ISP Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] piše: On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] wrote: Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 http://10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 http://10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen Hi, Why don't you just add Simultaneous-Use for each user to radcheck? As I understand you correctly, that would solve the problem, right? I don't know how you actually add the new users, but it can easily be done to give them that attr. as a default one. Kind Regards, Yves This is what I do today. The problem occurs when a user leaves a NAS without logging out, and then tries to connects to another NAS. The second NAS will ask for a new login, but freeradius will answer that the user is already logged in. The solution I am looking for is that a user only can have one simultaneously login per NAS, but that the user can be logged in simultaneously on different NASes. reg Svend - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/usershtml - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Simultaneous-Use per NAS
I've got through the same problem, and based in some help I got here
from the list I managed to solve the problem with a simple change to
sql.conf, modifying the simul_count_query.
The original entry:
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0
The one I use:
simul_count_query = SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0 AND NASIPAddress = '%{
NAS-IP-Address}'
Basically, all I am doing is checking if the user is already logged
specifically in the current NAS.
Just an extra note: You will probably need to play a little with the
hints, proxy and users files to get the behavior you wish. In our case,
due to some policies from the university, in some NAS we wanted users to
type their domains, in other NAS we wanted them without domain. Took
some time to make it work
Roberto
[EMAIL PROTECTED] wrote:
http://wiki.freeradius.org/Rlm_sql
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] pi¹e:
I'm sorry, but I dont understand what you mean. Can you please explain?
reg
Svend
[EMAIL PROTECTED] skrev:
Make multiple sql instances - one for each NAS.
Ivan Kalik
Kalik Informatika ISP
Dana 31/8/2007, Svend Eriksen [EMAIL PROTECTED] pi¹e:
On 8/30/07, *Svend Eriksen* [EMAIL PROTECTED]
mailto:[EMAIL PROTECTED] wrote:
Hi,
We run freeradius 1.1.6 against postgresql 8.1.
With the current configuration the user can only login one time
simultaneously. What I want is that a user can login only one time per
NAS, but that the user can login on several NASes at the same
time. The
reason for this is that a user can move between NASes without the need
to logout from the NAS he is leaving.
The user can only login to NASes that is in a group that he is a
member
of (this already works today).
Is it also possible to set the Simultaneously-Use as a default value
for all users, so we don't have to set it on all the groups?
Here are the lines from the database
SELECT * FROM radcheck
40 | user1 | Cleartext-Password | := | kebab1
41 | user1 | Expiration | := | Dec 31 2050 00:00:00
SELECT * FROM radusergroup
user1 | testusergroup |0
SELECT * FROM nas
7 | 10.0.0.1 http://10.0.0.1 | NAS1 | other | | naspw
8 | 10.0.0.2 http://10.0.0.2 | NAS2 | other | | naspw
SELECT * FROM radgroupcheck
15 | testusergroup | NAS-IP-Address | += | 10.0.0.1
http://10.0.0.1
16 | testusergroup | NAS-IP-Address | += | 10.0.0.2
http://10.0.0.2
17 | testusergroup | Simultaneous-Use | := | 1
reg
Svend Eriksen
Hi,
Why don't you just add Simultaneous-Use for each user to radcheck?
As I understand you correctly, that would solve the problem, right?
I don't know how you actually add the new users, but it can easily be
done to give them that attr. as a default one.
Kind Regards,
Yves
This is what I do today. The problem occurs when a user leaves a NAS
without logging out, and then tries to connects to another NAS. The
second NAS will ask for a new login, but freeradius will answer that the
user is already logged in.
The solution I am looking for is that a user only can have one
simultaneously login per NAS, but that the user can be logged in
simultaneously on different NASes.
reg
Svend
-
--
-
Marcos Roberto Greiner
Os otimistas acham que estamos no melhor dos mundos
Os pessimistas tem medo de que isto seja verdade
Murphy
-
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Simultaneous-Use per NAS
Hi, We run freeradius 1.1.6 against postgresql 8.1. With the current configuration the user can only login one time simultaneously. What I want is that a user can login only one time per NAS, but that the user can login on several NASes at the same time. The reason for this is that a user can move between NASes without the need to logout from the NAS he is leaving. The user can only login to NASes that is in a group that he is a member of (this already works today). Is it also possible to set the Simultaneously-Use as a default value for all users, so we don't have to set it on all the groups? Here are the lines from the database SELECT * FROM radcheck 40 | user1 | Cleartext-Password | := | kebab1 41 | user1 | Expiration | := | Dec 31 2050 00:00:00 SELECT * FROM radusergroup user1 | testusergroup |0 SELECT * FROM nas 7 | 10.0.0.1 | NAS1 | other | | naspw 8 | 10.0.0.2 | NAS2 | other | | naspw SELECT * FROM radgroupcheck 15 | testusergroup | NAS-IP-Address | += | 10.0.0.1 16 | testusergroup | NAS-IP-Address | += | 10.0.0.2 17 | testusergroup | Simultaneous-Use | := | 1 reg Svend Eriksen - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: simultaneous-use per NAS
Marc Boisis-Delavaud wrote: Is it possible to allow only one authentication per NAS but not allow many authentication on the same NAS per user ? Yes. But you'll have to manage that DB yourself. With a little bit of code changes to rlm_radutmp, you could make the filename configurable, and use the NAS IP as part of the filename. That should get what you want automatically. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
