Actually I'm using the MaxSession statement to avoid duplicate login to
the network. Unfortunately that means that if a client hangs (so he
doesn't logoff) he cannot re-login until I manually delete the session
from the RadOnline table.
Is it possible to configure Radiator so that the second
: [EMAIL PROTECTED]
Asunto: Re: (RADIATOR) MaxSessions per user and per domain
Hello Julio -
Rather than two session databases, you would use the AuthBy
PORTLIMITCHECK clause.
See section 6.41 in the Radiator 3.3.1 reference manual
(doc/ref.html).
regards
Hugh
On Wednesday, Nov 20, 2002, at 01
:[EMAIL PROTECTED]]
Enviado el: miércoles 20 de noviembre de 2002 10:23
Para: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Asunto: RE: (RADIATOR) MaxSessions per user and per domain
Nice! All this is aproaching to what we want to do!
Another question: how could I set a dynamic 'SessionLimit' in AuthBy
6152
fax: +34 91 270 6161
mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
-Mensaje original-
De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Enviado el: lunes 18 de noviembre de 2002 22:41
Para: Prada López, Julio
Cc: [EMAIL PROTECTED]
Asunto: Re: (RADIATOR) MaxSessions per user and per domain
6161
mail: [EMAIL PROTECTED] mailto:[EMAIL PROTECTED]
-Mensaje original-
De: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Enviado el: lunes 18 de noviembre de 2002 22:41
Para: Prada López, Julio
Cc: [EMAIL PROTECTED]
Asunto: Re: (RADIATOR) MaxSessions per user and per domain
Hello Julio
Hi all,
I am trying to configure a Radiator instance to allow controlling both the
maximum sessions per user and per domain.
Nowadays I have implemented the 'Simultaneous-Use' check with a LDAP
atribute and the default query in CountQuery (default query uses [...]where
USERNAME=%u). That works
Hello Julio -
The simplest way to do this is to define two AuthBy LDAP* clauses, one
for each check.
regards
Hugh
On Monday, Nov 18, 2002, at 22:30 Australia/Melbourne, Prada López,
Julio wrote:
Hi all,
I am trying to configure a Radiator instance to allow controlling both
the
maximum
Hello Robert -
Both the NAS and Radiator consider case differences as different usernames,
so the answer to your question is no - the RewriteUsername has no bearing. As
mentioned previously, the only way to deal with the problem is with a session
database that stores both the original and
Hello Robert -
Radiator maintains the session database with the username as entered on the
NAS. If you want to do login limits based on the rewritten username, you
should use an SQL session database and redefine the queries to use the
rewritten username.
regards
Hugh
On Sat, 2 Feb 2002
Hugh,
I assume that it won't allow the uppercase to log in if I don't use the
rewrite username also?
Thanks,
Robert
Hugh Irvine wrote:
Hello Robert -
Radiator maintains the session database with the username as entered on the
NAS. If you want to do login limits based on the rewritten
Hello,
I've recently started using the MaxSession clause in my default realm
and see something strange. It would appear that it's working properly
and only allowing the user to login once unless the user uses a capital
letter in their username (ie bert and Bert are being treated as
different
I am trying to avoid any user to have more than one simultaneous session. I do it with:
Realm princast
...
MaxSessions 1
...
/Realm
but it doesn't seem to work. It even does not work when I test it with radpwtst
(sending an Access-Request and a Start Accounting-Request and then
Hello Alejandro -
You have to be careful when using radpwtst to test simultaneous use because
radpwtst uses the same NAS-Port and NAS-IP-Address by default for each
request. This will cause the first session to be deleted before the second
session is tested. Also note that radpwtst also
Hello Todd -
On Saturday 06 October 2001 02:32, Todd Dokey wrote:
Is there a way to enforce MaxSessions across different Clients?
I have a problem with people using the same login in San Francisco and Los
Angeles.
By and large, they both are dealt with by the Default Client and Default
MaxSessions won't work under text right?
Don't I need a master online calls table of somekind?
Can I use authby radius and authby text, but check accounting on Emerald's
calls table?
-
We sleep safe in our beds because rough men stand ready in the night to
visit violence on those who would
Hello Todd -
On Saturday 15 September 2001 03:04, Todd Dokey wrote:
MaxSessions won't work under text right?
Don't I need a master online calls table of somekind?
Radiator always uses an Internal session database in any case, even if an
external session database is not specified.
Can I
Hello Harrison -
What version of Radiator are you running?
This problem was fixed in Radiator 2.18.1:
Fixed a problem with Handlers where a MaxSessions denial
would still permit AuthBys to run and perhaps 2 replies to be
returned. Reported by Frederic Gargula
regards
Hugh
On
Title: MaxSessions
Hello,
Is it possible to prevent executing AuthBy clauses when MaxSessions exceeds (within a Handler).
When radiator receives Access-Request, it determine an appropriate handler to process request.
Then it checks whether the user has reach MaxSessions.
In this case user
Hello,
I didn't read the entire thread, but couldn't you just do this:
Handler Request-Type = Accounting-Request
# strip off realm:
RewriteUsername s/^([^@]+).*/$1/
/Handler
? If I neglected to read something, I apologize in advance.
Dave
On Friday 13 July 2001 20:58,
Hello Dave, Hello Dmitry -
The problem is that Radiator does a delete on reception of an access request
as well as when it gets an accounting stop. This in addition to the fact that
by default, Radiator always uses the username string received from the NAS
(which it must do if it is to do
Hello Vangelis -
Actually, an internal session database is exactly that - a session database
held entirely in memory. The username in each request is what is used, as
follows: Access-Request - check current sessions and reject if limit
exceeded, Accounting Start - add new record, Accounting
Hello Dmitry -
Here is what I get with this configuration file (copied from your mail):
Foreground
Trace 4
Client DEFAULT
Secret mysecret
/Client
Handler Realm=bbeyond.nl
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 1
AuthBy FILE
Filename ./bbeyond.users
/AuthBy
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 13, 2001 8:43 AM
To: Vangelis Kyriakakis; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) MaxSessions issue, still a problem
Hello Vangelis -
Actually, an internal session database is exactly that - a session database
held entirely in me
s possible to rewrite the User-Name
in Accounting request? Or maybe there is another solution?
regards,
Dmitry Kopylov
-Original Message-
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 13, 2001 8:43 AM
To: Vangelis Kyriakakis; [EMAIL PROTECTED]
Subject: Re: (RADI
Hi,
I upgraded to the 18.2.2 but the problem with MaxSession still exists. Here
is part of config and trace 4 output:
Handler Realm=bbeyond.nl
RewriteUsername s/^([^@]+).*/$1/
MaxSessions 1
AuthBy FILE
/AuthBy
AcctLogFileName %L/bbeyond/details
I think the problem when you use the Internal session database is that it
uses the username from the Accounting file to count the number of sessions. When
a new user logs in it checks the rewritten username against the session
database. So it checks with the name uunoc and not with the [EMAIL
username Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Simultaneous-Use = 2,
Port-Limit = 2,
Framed-MTU = 1500
With this
Hello Chris -
On Sun, 13 Aug 2000, Chris M wrote:
username Auth-Type = System
Service-Type = Framed-User,
Framed-Protocol = PPP,
Framed-IP-Address = 255.255.255.254,
Simultaneous-Use = 2,
Hi all,
I have a 3Com TotalCotrol (TCH), and a Cisco 7500. The calls are sent against the TCH,
ask Radiator and
then it must establish a L2TP tunnel against the cisco. Then the cisco ask again
Radiator (anthores
proccess of Radius Server), who determines if the user can access or it can not.
Hi all,
at last, i think i now why maxsessions seems wrong:
.iso.org.dod.internet.private.enterprises.9.2.9.2.1.18.X does NOT respond with vpdn
sessions.
that 'mib' says the user connected at line x, but, if the users are l2tp (or l2f)
sessions, that 'mib'
says us "", so, the user 'has
Hello David -
On Sat, 14 Aug 1999, David Booth wrote:
Everything is working. But,
I want to enforce MaxSessions 1 for all users
Can someone run a critical eye over it?
Where does MaxSessions 1 go?
I have two NAS - Ascend and Bay4000. How do I get them both checked - with
NasType?
Everything is working. But,
I want to enforce MaxSessions 1 for all users
Can someone run a critical eye over it?
Where does MaxSessions 1 go?
I have two NAS - Ascend and Bay4000. How do I get them both checked - with
NasType?
Is DupInterval 0 for Client DEFAULT right?
David Booth
Goulburn
Hi James.
On Jun 10, 10:00pm, James H. Thompson wrote:
Subject: (RADIATOR) MaxSessions override
If you specify:
MaxSessions 1
for a realm, does a
Simultaneous-Use
item for a particular user override this?
No. Of those 2, the _most_restrictive_ one applies.
The patched version
If you specify:
MaxSessions 1
for a realm, does a
Simultaneous-Use
item for a particular user override this?
Jim
[EMAIL PROTECTED]
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the
34 matches
Mail list logo