On Thu, 20 Jan 2005, Rad Adm wrote: > I want to limit the users so that multiple logins are not allowed > using a single account. > > At our company we have ( proprietary ) server which forwards > authentication requests to radius which is configured to query Mysql > and confirm the user credentials. > > I have done the following > > radcheck table > +----+-------------------------+-----------+----+-------+ > | id | UserName | Attribute | op | Value | > +----+-------------------------+-----------+----+-------+ > | 7 | [EMAIL PROTECTED] | Password | == | baen1 | > | 6 | [EMAIL PROTECTED] | Auth-Type | := | Local | > +----+-------------------------+-----------+----+-------+
Why did you add Auth-Type := Local? Just curious. > > usergroup table > > +----+-------------------------+-----------+ > | id | UserName | GroupName | > +----+-------------------------+-----------+ > | 1 | [EMAIL PROTECTED] | demo | > +----+-------------------------+-----------+ > > radgroupcheck table > +----+-----------+------------------+----+-------+ > | id | GroupName | Attribute | op | Value | > +----+-----------+------------------+----+-------+ > | 1 | demo | Simultaneous-Use | := | 1 | > +----+-----------+------------------+----+-------+ > > The queries in sql.conf are : > > authorize_check_query = "SELECT id,UserName,Attribute,Value,op FROM > ${authcheck_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id" > > authorize_reply_query = "SELECT id,UserName,Attribute,Value,op FROM > ${authreply_table} WHERE Username = '%{SQL-User-Name}' ORDER BY id" > > authorize_group_check_query = "SELECT > ${groupcheck_table}.id,${groupcheck_table}.GroupName,${groupcheck_table}.Attribute,${groupcheck_table}.Value,${groupcheck_table}.op > FROM ${groupcheck_table},${usergroup_table} WHERE > ${usergroup_table}.Username = '%{SQL-User-Name}' AND > ${usergroup_table}.GroupName = ${groupcheck_table}.GroupName ORDER BY > ${groupcheck_table}.id" > > authorize_group_reply_query = "SELECT > ${groupreply_table}.id,${groupreply_table}.GroupName,${groupreply_table}.Attribute,${groupreply_table}.Value,${groupreply_table}.op > FROM ${groupreply_table},${usergroup_table} WHERE > ${usergroup_table}.Username = '%{SQL-User-Name}' AND > ${usergroup_table}.GroupName = ${groupreply_table}.GroupName ORDER BY > ${groupreply_table}.id" > > simul_count_query = "SELECT COUNT(*) FROM ${acct_table1} WHERE > UserName='%{SQL-User-Name}' AND AcctStopTime = 0" > > simul_verify_query = "SELECT RadAcctId, AcctSessionId, UserName, > NASIPAddress, NASPortId, FramedIPAddress, CallingStationId, > FramedProtocol FROM ${acct_table1} WHERE UserName='%{SQL-User-Name}' > AND AcctStopTime = 0" > > I tried to follow the instructions in the documentation page > "Simultaneous-Use" which comes with free radius package but obviously > i am doing some thing wrong . > > Incase Anyone knows the answer or can put me in the right direction , > please help me with that . > So what does debug show when you try to log in a user that is already logged in? - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html