Thanks Stefan that worked! Now I have one more problem. We give our user a time limit on how much time they can be online for and that seems to be a sticking point. I didn't get an error when I was testing because I had unlimited time and did not have that field in the database, but when I turned it loose for our customers nobody could connect. Do I need to add something to the select statement in the sql.conf file? Thanks again Mike The error from radiusd -X is: radius_xlat: 'jwardlaw' rlm_sql (sql): sql_set_user escaped user --> 'jwardlaw' radius_xlat: 'SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jwardlaw' ORDER BY id' rlm_sql (sql): Reserving sql socket id: 3 rlm_sql: Failed to create the pair: Unknown attribute "Total-Time-Limit" rlm_sql (sql): Error getting data from database rlm_sql (sql): SQL query error; rejecting user rlm_sql (sql): Released sql socket id: 3 modcall[authorize]: module "sql" returns fail for and the result when I put that SELECT statement in mysql is: mysql> SELECT id,UserName,Attribute,Value,op FROM radcheck WHERE Username = 'jwardlaw' ORDER BY id -> ; +------+----------+------------------+-----------+----+ | id | UserName | Attribute | Value | op | +------+----------+------------------+-----------+----+ | 1042 | jwardlaw | Password | XXXX | := | | 1043 | jwardlaw | Simultaneous-Use | 1 | := | | 1044 | jwardlaw | Total-Time-Limit | 2520000 | := | +------+----------+------------------+-----------+----+ 3 rows in set (0.00 sec) Stefan Winter wrote: +------+----------+------------------+--------+----+ | 1118 | mpearson | Password | XXXX| == | | 1119 | mpearson | Simultaneous-Use | 1 | == |+------+----------+------------------+--------+----+ 2 rows in set (0.29 sec)You want to force the user to only have one login session. Then you have to *set* Simultaneous-Use, by using the operator :=. The way it's in the db right now would only match the user if the incoming packet already contained an attribute Simultaneus-Use and if this attribute's value was 1 (because == is a check item, i.e. it compares things in the packet, it doesn't set anything). So, change the operator (BTW: for both entries, IIRC, Password or User-Password should be _set_ with :=). That should work much better.Also I went down through the debug of radisud and put in the select statments from I didn't get any results from:That's okay, it's no problem if they are entry. They could cause trouble if they were non-empty and filled with rubbish, that's why I wanted you to check them too. Greetings, Stefan |
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html