Hello,
I am trying to use Simultaneous-Use for group users through mysql with
freeradius-snapshot-20021101.
radiusd.conf:
==============
# Session database, used for checking Simultaneous-Use. The radutmp module
# handles this
session {
# radutmp
sql
}
sql.conf:
==========
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE
UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM ${acct_table1}
WHERE UserName='%{SQL-User-Name}' AND AcctStopTime = 0"
radgroupcheck:
==============
GroupName Attribute op Value
ppp-simul Simultaneous-Use :=3D 1
I've also used op=":="
And now users from another groups (not "ppp-simul") hasn't access too:
Multiple logins (max 1) : [ppgip] (from client riak port 11)
Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026
Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
I think "GroupName" wasn't checked. Why?
====================
rad_recv: Access-Request packet from host XXX.XX.XX.XX:1026, id=250, length=82
User-Name = "ppgip"
User-Password = "XXX"
NAS-IP-Address = XXX.XX.XX.XX
NAS-Port = 11
NAS-Port-Type = Async
Connect-Info = "14400"
Framed-Protocol = PPP
Service-Type = Framed-User
modcall: entering group authorize
modcall[authorize]: module "preprocess" returns ok
radius_xlat: 'ppgip'
sql_set_user: escaped user --> 'ppgip'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE
Username = 'ppgip' ORDER BY id'
rlm_sql: Reserving sql socket id: 2
radius_xlat: 'SELECT
radgroupcheck.id,radgroupcheck.GroupName,radgroupcheck.Attribute,radgroupcheck.Value,radgroupcheck.op
FROM radgroupcheck,usergroup WHERE usergroup.Username = 'ppgip' AND
usergroup.GroupName = radgroupcheck.GroupName ORDER BY radgroupcheck.id'
radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radreply WHERE
Username = 'ppgip' ORDER BY id'
radius_xlat: 'SELECT
radgroupreply.id,radgroupreply.GroupName,radgroupreply.Attribute,radgroupreply.Value,radgroupreply.op
FROM radgroupreply,usergroup WHERE usergroup.Username = 'ppgip' AND
usergroup.GroupName = radgroupreply.GroupName ORDER BY radgroupreply.id'
rlm_sql: Released sql socket id: 2
modcall[authorize]: module "sql" returns ok
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "noresetcounter" returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "dailycounter" returns noop
rlm_sqlcounter: Entering module authorize code
rlm_sqlcounter: Could not find Check item value pair
modcall[authorize]: module "monthlycounter" returns noop
users: Matched DEFAULT at 12
modcall[authorize]: module "files" returns ok
modcall: group authorize returns ok
auth: type Local
auth: user supplied User-Password matches local User-Password
modcall: entering group session
radius_xlat: 'ppgip'
sql_set_user: escaped user --> 'ppgip'
radius_xlat: 'SELECT COUNT(*) FROM radacct WHERE UserName='ppgip' AND
AcctStopTime = 0'
rlm_sql: Reserving sql socket id: 1
radius_xlat: 'SELECT RadAcctId, AcctSessionId, UserName, NASIPAddress,
NASPortId, FramedIPAddress, CallingStationId, FramedProtocol FROM radacct WHERE
UserName='ppgip' AND AcctStopTime = 0'
rlm_sql: Released sql socket id: 1
modcall[session]: module "sql" returns ok
modcall: group session returns ok
Multiple logins (max 1) : [ppgip] (from client riak port 11)
Sending Access-Reject of id 250 to XXX.XX.XX.XX:1026
Reply-Message := "\r\nYou are already logged in - access denied\r\n\n"
Finished request 5
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
