> > > Hi,
> > > I'm trying to use Simultaneous-Use parameter and in users file I have
> the
> > > only line:
> > > ------------
> > > DEFAULT Simultaneous-Use := 1, Auth-Type := SQL
> > > ------------
> > >
> > > anyway it doesn't work. I've enabled the debug option in checkrad.pl
but
> > > this script, obviously, is never called by radius (because if I run it
> > > manualy, I get some messages in checkrad.log file).
> > >
> > I have exactly the same problem. I think it's related to "module
> > fall-through" problem. It seems that user module is never called because
> SQL
> > module returns success and this module is before users module in
> > raddb/users.
> >
> > Last time I was advised to read "a document about how to do failover and
> > the like in the /doc directory" but I had no time to look there :(
> >
>
> Thanks a lot. I've found the problem. I've added the module "files" before
> the "sql" module in the authorize section and now "Simultaneous-Use"
works,
> but hardly refuse to work when I use it in the radcheck table.
> do you have some ideas?
I use sql tables for everything. I tried to use raddb/users only because
it's known that ':=' is not supported by sql module, only '==' (radcheck)
and '=' (radreply). I also tried to put 'files' before, but in this case the
behaviour became very strange. For example, Framed-IP-Address still worked,
but Add-Port-To-IP-Address didn't and every user got the same IP address.
I tried to read doc/configurable_failover file:
> Before configurable failover, we had this:
>
> authorize {
> preprocess
> files
> }
>
> which instructed module_authorize to first pass the request through
> rlm_preprocess, and if that returned success, pass it through rlm_files,
> and if that returned success, module_authorize itself would then return
> success. Processing was strictly linear and if one module failed, the
whole
> function would fail immediately.
>
> Configurable failover provides more flexibility. It takes advantage of the
> tree structure of radiusd.conf to support a config language that allows
you
> to specify groups of modules that should work together in ways other than
> execute-in-order-return-on-fail. Basically you can redesign the flow of
> module_authorize to fit your needs, without touching C code, just by
altering
> radiusd.conf.
So I think we should make something like
authorize {
files {
bla bla bla
}
sql {
bla bla bla
}
}
instead of
authorize {
files
sql
}
But I don't know what should 'blablabla' be.
The desired behaviour:
if (files module thinks user is logged in more than once)
{
reject the user
}
else
{
authorize user using sql module, add all reply items from DB etc
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
