Hello,
We currently use a different realm for each service provided, i.e.
dialup, nntp, etc. but strip the realm for authentication so that we can
use a single username and password entry in the users file. We also limit
each user to a single dialup connection. Unfortunately the
Simultaneous-use feature is causing nntp and other authentications to fail
since there is already an active dialup session in radutmp. Just an FYI we
are using MySQL for auth, acct, and radutmp.
Preferably I would like to attach the Simultaneous-use check item to a
specific realm or even to a client name. Here are the options I've
considered so far :
* An obvious fix would be to create a different users entry for each
realm and not strip the realm but this would result in a database much
larger than desired.
* Another option would be to handle Simultaneous-use checking externally
with an Exec-Program-Wait item, but this will add time to the
authentication request. (but is it more time than the built in
function takes?).
Is there another possibility I've overlooked? "Conditional check-items"?
:-)
Regards,
Chris
Chris Miller
NetGate Internet
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
