Hi,
I'm running FreeRadius 0.9.3. Today I became aware of a customer being
denied access to due an incorrect Multiple Login was detected. This is the
2nd time this has happened. This customer dials in thru another provider's
network who proxies the Radius packets to us. We authenticate the login and
tell the provider's Radius server to either allow or deny the login. For
some reason this latest event went as such.
1. The customer logged in, radutmp & mysql were updated and detail file
updated.
2. Customer disconnected, nothing received what-so-ever.
3. Customer tries to login later and is denied access due to Multiple
Logins.
The strange thing about this is the Radius server knows it can't perform
Multiple Logins detection on this provider's network so there isn't anything
in the checkrad.log file that says a Multiple Login is being checked.
To fix this I simply do a radzap to remove the customer from the radutmp
file.
Is there something in Radius that permits a rejection based solely on
the radutmp file? Again, Radius can't check the provider's network to verify
a Multiple Login. Normally, Radius verifies a Multiple Login by using the
checkrad.pl script. In this situation the login is being denied because the
radutmp file says so (and it isn't correct).
Bill Dunn
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
