> > > Hi,
> > > I'm trying to use Simultaneous-Use parameter and in users file I have the
> > > only line:
> > > ------------
> > > DEFAULT Simultaneous-Use := 1, Auth-Type := SQL
> > > ------------
> > >
> > > anyway it doesn't work. I've enabled the debug option in checkrad.pl but
> > > this script, obviously, is never called by radius (because if I run it
> > > manually, I get some messages in checkrad.log file).
> > >
> > I have exactly the same problem. I think it's related to "module
> > fall-through" problem. It seems that user module is never called because SQL
> > module returns success and this module is before users module in
> > raddb/users.
> >
> > Last time I was advised to read "a document about how to do failover and
> > the like in the /doc directory" but I had no time to look there :(
> >
>
> Thanks a lot. I've found the problem. I've added the module "files" before
> the "sql" module in the authorize section and now "Simultaneous-Use" works,
> but hardly refuse to work when I use it in the radcheck table.
> Do you have some ideas?

I use sql tables for everything. I tried to use raddb/users only because
it's known that ':=' is not supported by sql module, only '==' (radcheck)
and '=' (radreply). I also tried to put 'files' before, but in this case
the behaviour became very strange. For example, Framed-IP-Address still
worked, but Add-Port-To-IP-Address didn't and every user got the same IP
address.

I tried to read doc/configurable_failover file:

> Before configurable failover, we had this:
>
>   authorize {
>     preprocess
>     files
>   }
>
> which instructed module_authorize to first pass the request through
> rlm_preprocess, and if that returned success, pass it through rlm_files,
> and if that returned success, module_authorize itself would then return
> success. Processing was strictly linear and if one module failed, the whole
> function would fail immediately.
>
> Configurable failover provides more flexibility. It takes advantage of the
> tree structure of radiusd.conf to support a config language that allows you
> to specify groups of modules that should work together in ways other than
> execute-in-order-return-on-fail. Basically you can redesign the flow of
> module_authorize to fit your needs, without touching C code, just by altering
> radiusd.conf.

So I think we should make something like

  authorize {
    files {
      bla bla bla
    }
    sql {
      bla bla bla
    }
  }

instead of

  authorize {
    files
    sql
  }

But I don't know what should 'blablabla' be.

The desired behaviour:

  if (files module thinks user is logged in more than once) {
    reject the user
  } else {
    authorize user using sql module, add all reply items from DB etc
  }

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
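
A simplified model of the flow sketched in the message above, added here as an illustration and not taken from the thread or from FreeRADIUS's code: each module's return code maps either to an immediate return or to a priority, which is the idea behind configurable failover. The return-code names, default actions, module bodies and sample data are assumptions constructed for this example.

```python
"""Simplified model of a module section with per-return-code actions."""

RETURN = "return"  # action: stop the section at once with this return code

# Assumed defaults: hard failures stop the section; other codes carry a
# priority, and the highest-priority code seen becomes the section result.
DEFAULT_ACTIONS = {"reject": RETURN, "fail": RETURN,
                   "notfound": 1, "noop": 2, "ok": 3}

SAMPLE_DB = {"alice": {"Framed-IP-Address": "192.0.2.10"}}  # constructed data


def files(request):
    """Stand-in for the session-limit check wanted from the files module."""
    if request["active_sessions"] >= request["simultaneous_use"]:
        return "reject"
    return "noop"


def sql(request):
    """Stand-in for the SQL lookup: adds reply items for known users."""
    if request["user"] not in SAMPLE_DB:
        return "notfound"
    request["reply"].update(SAMPLE_DB[request["user"]])
    return "ok"


def run_section(modules, request):
    """Run (module, overrides) pairs in order; return (rcode, called)."""
    result, best, called = "noop", 0, []
    for module, overrides in modules:
        actions = {**DEFAULT_ACTIONS, **overrides}
        rcode = module(request)
        called.append(module.__name__)
        if actions[rcode] == RETURN:
            return rcode, called      # later modules never run
        if actions[rcode] > best:
            result, best = rcode, actions[rcode]
    return result, called


def authorize(user, active_sessions, files_overrides=None):
    """Model 'authorize { files sql }' for one request (limit fixed at 1)."""
    request = {"user": user, "active_sessions": active_sessions,
               "simultaneous_use": 1, "reply": {}}
    rcode, called = run_section(
        [(files, files_overrides or {}), (sql, {})], request)
    return rcode, called, request["reply"]
```

Calling `authorize("alice", 1, {"reject": 1})` downgrades the over-limit reject to a priority, so the later `ok` from `sql` masks it; overrides on a module that enforces policy need that kind of check before deployment.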