Hi,
We are using FreeRADIUS 1.1.3 on Fedora Core 6 with the RLM_LDAP module, and we need to control simultaneous logins, e.g. the LDAP user "John" can have only one login at a time. When we monitor the LDAP users' logins, they authenticate successfully against LDAP, but we cannot see their sessions: the radutmp file stays empty (0 KB), and the radwho command runs but prints no entries. Could you help me, please?
Regards, Maicon Wendhausen
Freeradius Files Logs File: [EMAIL PROTECTED] radius]# ls -la total 24 drwx------ 3 radiusd radiusd 4096 Dec 14 18:21 . drwxr-xr-x 10 root root 4096 Dec 14 19:06 .. drwx------ 3 radiusd radiusd 4096 Dec 14 19:55 radacct -rw------- 1 radiusd root 5357 Dec 14 20:03 radius.log -rw-r--r-- 1 radiusd root 0 Dec 14 18:21 radutmp -rw-r--r-- 1 radiusd root 0 Dec 14 18:21 radwtmp [EMAIL PROTECTED] radius]# RADIUS log in debug mode rad_recv: Access-Request packet from host 10.69.70.210:32771, id=87, length=63 User-Name = "user6" User-Password = "user6" NAS-IP-Address = 10.69.70.210 Service-Type = Authenticate-Only NAS-Port = 0 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 2 modcall[authorize]: module "chap" returns noop for request 2 modcall[authorize]: module "mschap" returns noop for request 2 rlm_realm: No '@' in User-Name = "user6", looking up realm NULL rlm_realm: No such realm "NULL" modcall[authorize]: module "suffix" returns noop for request 2 modcall[authorize]: module "digest" returns noop for request 2 users: Matched entry DEFAULT at line 222 modcall[authorize]: module "files" returns ok for request 2 rlm_ldap: - authorize rlm_ldap: performing user authorization for user6 radius_xlat: '(uid=user6)' radius_xlat: 'dc=nct,dc=com,dc=br' rlm_ldap: ldap_get_conn: Checking Id: 0 rlm_ldap: ldap_get_conn: Got Id: 0 rlm_ldap: performing search in dc=nct,dc=com,dc=br, with filter (uid=user6) rlm_ldap: Added password {SSHA}f21M8OjksIKSJ1zUEii6JWKu43tWPRFgsBeiQg== in check items 
rlm_ldap: looking for check items in directory... rlm_ldap: looking for reply items in directory... rlm_ldap: Setting Auth-Type = ldap rlm_ldap: user user6 authorized to use remote access rlm_ldap: ldap_release_conn: Release Id: 0 modcall[authorize]: module "ldap" returns ok for request 2 modcall: leaving group authorize (returns ok) for request 2 rad_check_password: Found Auth-Type ldap auth: type "LDAP" Processing the authenticate section of radiusd.conf modcall: entering group LDAP for request 2 rlm_ldap: - authenticate rlm_ldap: login attempt by "user6" with password "user6" rlm_ldap: user DN: uid=user6,dc=nct,dc=com,dc=br rlm_ldap: (re)connect to 10.69.70.25:389, authentication 1 rlm_ldap: could not set LDAP_OPT_X_TLS_REQUIRE_CERT option to allow rlm_ldap: bind as uid=user6,dc=nct,dc=com,dc=br/user6 to 10.69.70.25:389 rlm_ldap: waiting for bind result ... rlm_ldap: Bind was successful rlm_ldap: user user6 authenticated succesfully modcall[authenticate]: module "ldap" returns ok for request 2 modcall: leaving group LDAP (returns ok) for request 2 Processing the session section of radiusd.conf modcall: entering group session for request 2 radius_xlat: '/var/log/radius/radutmp' radius_xlat: 'user6' modcall[session]: module "radutmp" returns ok for request 2 modcall: leaving group session (returns ok) for request 2 Login OK: [user6] (from client firepass port 0) Sending Access-Accept of id 87 to 10.69.70.210 port 32771 Finished request 2 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... users file #...... DEFAULT Simultaneous-Use := 1 Fall-Through = 1 clients.conf file .... default configuration..... 
client 10.69.70.210 { secret = teste shortname = firepass } radiusd.conf prefix = /usr exec_prefix = /usr sysconfdir = /etc localstatedir = /var sbindir = /usr/sbin logdir = ${localstatedir}/log/radius raddbdir = ${sysconfdir}/raddb radacctdir = ${logdir}/radacct confdir = ${raddbdir} run_dir = ${localstatedir}/run/radiusd log_file = ${logdir}/radius.log libdir = ${exec_prefix}/lib pidfile = ${run_dir}/radiusd.pid max_request_time = 30 delete_blocked_requests = no cleanup_delay = 5 max_requests = 1024 bind_address = * port = 0 hostname_lookups = no allow_core_dumps = no regular_expressions = yes extended_expressions = yes log_stripped_names = no log_auth = yes log_auth_badpass = no log_auth_goodpass = no usercollide = no lower_user = no lower_pass = no nospace_user = no nospace_pass = no checkrad = ${sbindir}/checkrad security { max_attributes = 200 reject_delay = 1 status_server = yes } proxy_requests = yes $INCLUDE ${confdir}/proxy.conf $INCLUDE ${confdir}/clients.conf snmp = no $INCLUDE ${confdir}/snmp.conf thread pool { start_servers = 5 max_servers = 32 min_spare_servers = 3 max_spare_servers = 10 max_requests_per_server = 0 } modules { radutmp { filename = ${logdir}/radutmp ## username = "(uid=%{Stripped-User-Name:-%{User-Name}})" username = %{User-Name} case_sensitive = "yes" check_with_nas = "yes" perm = "0644" callerid = "no" } pap { encryption_scheme = crypt } chap { authtype = CHAP } #$INCLUDE ${confdir}/eap.conf mschap { authtype = MS-CHAP use_mppe = yes require_encryption = yes require_strong = no } ldap { server="10.69.70.25" identity="uid=gged,dc=nct,dc=com,dc=br" password=ged basedn="dc=nct,dc=com,dc=br" filter = (uid=%{Stripped-User-Name:-%{User-Name}}) ## filter= (uid=gged,dc=nct,dc=com,dc=br) password_attribute = userPassword dictionary_mapping = ${raddbdir}/ldap.attrmap ldap_cache_timeout = 150 ldap_cache_size = 0 ldap_connections_number = 1 timeout = 3 timelimit = 5 net_timeout = 1 compare_check_items = no } realm suffix { format = suffix 
delimiter = "@" } realm realmpercent { format = suffix delimiter = "%" ignore_default = no ignore_null = no } preprocess { huntgroups = ${confdir}/huntgroups hints = ${confdir}/hints with_ascend_hack = no ascend_channels_per_line = 23 with_ntdomain_hack = no with_specialix_jetstream_hack = no with_cisco_vsa_hack = yes } files { usersfile = ${confdir}/users acctusersfile = ${confdir}/acct_users compat = no } detail { detailfile = ${radacctdir}/%{Client-IP-Address}/detail-%Y%m%d detailperm = 0600 } acct_unique { #key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port" key = "User-Name, Acct-Session-Id, NAS-IP-Address" } radutmp sradutmp { filename = ${logdir}/sradutmp perm = 0644 callerid = "no" } attr_filter { attrsfile = ${confdir}/attrs } counter daily { filename = ${raddbdir}/db.daily key = User-Name count-attribute = Acct-Session-Time reset = daily counter-name = Daily-Session-Time check-name = Max-Daily-Session allowed-servicetype = Framed-User cache-size = 5000 } always fail { rcode = fail } always reject { rcode = reject } always ok { rcode = ok simulcount = 0 mpp = no } expr { } digest { } exec { wait = yes input_pairs = request } exec echo { wait = yes program = "/bin/echo %{User-Name}" input_pairs = request output_pairs = reply } ippool main_pool { range-start = 192.168.1.1 range-stop = 192.168.3.254 netmask = 255.255.255.0 cache-size = 800 session-db = ${raddbdir}/db.ippool ip-index = ${raddbdir}/db.ipindex override = no maximum-timeout = 0 } } instantiate { exec expr # daily } authorize { #preprocess # auth_log # attr_filter chap mschap suffix digest # ntdomain #eap # Read the 'users' file files ldap # daily # checkval } authenticate { Auth-Type PAP { pap ldap } Auth-Type CHAP { chap ldap } Auth-Type MS-CHAP { mschap ldap } Auth-Type LDAP { ldap } } preacct { preprocess acct_unique suffix # Read the 'acct_users' file #files } accounting { detail # daily # # For Simultaneous-Use tracking. 
# radutmp # sradutmp # main_pool } session { radutmp # sql } post-auth { } pre-proxy { } post-proxy { } - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html