Hi! Accordingly to 'doc/Simultaneous-Use' this feature works in this way: if someone tries to ask for authentication, radiusd first search radutmp file (or 'sql') and (only) if there is an open session for that user server uses checkrad script to query NAS. Record in radutmp appears only after client performs 'Accounting Start' request (please, correct me if it is not).
And now imagine situation: I'm using callback feature at NAS. In my case it is pppd+radus_plugin+cbcpS. It works in this way: auth user->callback->reauth user->acct start->...->acct stop The 'callback' phase takes some time and at this point there is no radutmp record yet (in contrast at NAS there is such record). Imagine that during 'callback' someone another tries to login with the same account. So radiusd will not check NAS for twice login and will successfully authenticate the user. So we have simultaneous use (consequences of such behaviour is another story). I don't know how another NAS'es behave in the similar situation but mine works as described. So I have a choice -- to patch radiusd or to delegate check for simultaneous use completely to NAS (which is less flexible). Any suggestions? Thanks in advance. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
