hi, everyone :
Now i have setup a test environment with
redhat9.0+freeradius0.9.3+mysql,with cisco 7401 as NAS. And now
everythings goes well till the service "Simultaneous-Use" gets some
problem.
i have found out that the file
/usr/local/var/log/radius/radutmp will only record the latest
logged user on the same nas, and the previus logged user ,no matter
how many users logged in and still keep online ,will be overlapd by
the last one, but the record in the mysql keeps right .
so checkrad.pl will not be called since
radwho will only find out the latest user. and many double log in
here is config:
there r four users ,both belong to usergroup "user1"
, they all can dial in the nas .
********************
mysql:radcheck
+----+---------------+---------------+----+---------------+
| id | UserName | Attribute | op | Value | +----+---------------+---------------+----+---------------+ | 1 | test | User-Password | := | test | | 2 | testglobalfix | User-Password | := | testglobalfix | | 5 | testglobal | User-Password | := | testglobal | | 4 | testlocal | User-Password | := | testlocal | +----+---------------+---------------+----+---------------+ mysql:radgroupcheck
+----+-----------+------------------+----+-------+
| id | GroupName | Attribute | op | Value | +----+-----------+------------------+----+-------+ | 1 | user1 | Simultaneous-Use | := | 1 | +----+-----------+------------------+----+-------+ mysql:usergroup
+----+---------------+-----------+
| id | UserName | GroupName | +----+---------------+-----------+ | 1 | test | user1 | | 2 | testglobalfix | user1 | | 3 | testlocal | user1 | | 4 | testglobal | user1 | +----+---------------+-----------+ with no change to /usr/local/etc/raddb/users ********************* cisco nas config:
aaa new-model ! aaa authentication login default line
enable
! text omitted
radius-server host 10.72.68.1 auth-port 1812 acct-port 1813 key 7
051F031C3545400E485744
************************** test begins
****************************************
when i use ethernet300 to dial , i can find the four
users can log to NAS and radius server log the record in
mysql correctely ,but the Simultaneous-Use will not work ,so many users can
double logg to the NAS.
issue command on radius server
:
1) now
no one is in the log
[EMAIL PROTECTED] radius]# radwho
Login Name What TTY When From Location 2) dial with user:testglobalfix
from nas1 and it is ok , got an address, logg in the
radutmp
[EMAIL PROTECTED] radius]# radwho Login Name What TTY When From Location testglobal testglobalfix PPP S0 Tue 17:33 10.64.12. 219.146.240.57 3) now testglobalfix is on
line ,then dial with user:test from the nas1
。
[EMAIL PROTECTED] radius]#
radwho
Login Name What TTY When From Location test test PPP S0 Tue 17:35 10.64.12. 219.146.240.58 4) i have found out the user:test overlap user:testglobalfix in
the radutmp ,and now from the nas1
issue "show caller "
both test and testglobalfix are there ,but radutmp can only
recorrd the latest one with the earlier one gone .so now radwho
will show only test is on line ,but testglobalfix has gone (should test and
testglobalfix both in the output?),while testglobalfix is on the nas1 and can
still access the network.
5) dial with user:testlocal
[EMAIL PROTECTED] radius]#
radwho
Login Name What TTY When From Location testlocal testlocal PPP S0 Tue 17:36 10.64.12. 10.72.66.1 6) the same thing
happend ,when another user:testlocal dialed in , it will overlap the previous
one(test) in the radutmp, because radwho will not find out the
test,testglobalfix on line ,so the "Simultaneous-Use" will not to
triggerd there will be many double logs in .radlast will also get the same
output.
But the records in
the mysql keeps right .
Can u give me a way out ? Thank u
first!
chenwei
MSN: [EMAIL PROTECTED]
Glad to talk to on msn at any time
! |