Good afternoon,
I have inherited an aged ICRadius install and I am in process of
converting to FreeRadius 1.1.7. Currently I have a master DB on our
Management server replicating to two radius servers. Each radius server
has a unique sql instance to send accounting data to the master DB.
Everything is working, the DB conversion from ICRadius to FreeRadius
went fine.
In testing the only issue I have found is I am unable to stop
Simultaneous use. I read the docs carefully, checked the Wiki, and I
believe I have everything configured properly. Using RadiusTest 2.4.3
and radwho I see the following. I check for a login using radwho and I
see I have a session, I then attempt both a new auth and start
accounting again and still radwho shows only one login.
[EMAIL PROTECTED] /usr/local/etc/raddb]# radwho
Login Name What TTY When From Location
yellowhous yellowhousejake shell S1 Mon 11:35 192.168.4 192.168.0.1
--------------------10/27/2008 11:55:13 AM Test started [check
newrad1]-------------------------
Info:Sending Access-Request of id 0 to 10.0.241.95:1645
Password = "marlin"
User-Name = "yellowhousejake"
Framed-IP-Address = 192.168.0.1
Acct-Session-Id = "201"
Info: Access-Accept packet from host 10.0.241.95:1645, id=0, length=89
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 255.255.255.254
Framed-IP-Netmask = 255.255.255.255
Framed-Routing = None
Framed-Compression = Van-Jacobson-TCP-IP
Filter-Id = "std.ppp"
Framed-MTU = 1500
Port-Limit = 1
Idle-Timeout = 600
Session-Timeout = 28800
Total approved auths: 1
Total denied auths: 0
Total lost auths: 0
Total time(secs): 0
--------------------10/27/2008 11:55:13 AM Test finished [check
newrad1]-------------------------
--------------------10/27/2008 11:55:40 AM Test started [start
acct]-------------------------
Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
User-Name = "yellowhousejake"
Acct-Session-Id = "201"
Acct-Status-Type = Start
NAS-Port = 1
Framed-IP-Address = 192.168.0.1
Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
User-Name = "yellowhousejake"
Acct-Session-Id = "201"
Acct-Status-Type = Alive
NAS-Port = 1
Framed-IP-Address = 192.168.0.1
Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
Total approved auths: 2
Total denied auths: 0
Total lost auths: 0
Total time(secs): 0
--------------------10/27/2008 11:55:40 AM Test finished [start
acct]-------------------------
--------------------10/27/2008 11:55:40 AM Test started [start
acct]-------------------------
Info:Sending Accounting-Request of id 0 to 10.0.241.95:1646
User-Name = "yellowhousejake"
Acct-Session-Id = "201"
Acct-Status-Type = Start
NAS-Port = 1
Framed-IP-Address = 192.168.0.1
Info: Accounting-Response packet from host 10.0.241.95:1646, id=0, length=20
Info:Sending Accounting-Request of id 1 to 10.0.241.95:1646
User-Name = "yellowhousejake"
Acct-Session-Id = "201"
Acct-Status-Type = Alive
NAS-Port = 1
Framed-IP-Address = 192.168.0.1
Info: Accounting-Response packet from host 10.0.241.95:1646, id=1, length=20
Total approved auths: 2
Total denied auths: 0
Total lost auths: 0
Total time(secs): 0
--------------------10/27/2008 11:55:40 AM Test finished [start
acct]-------------------------
[EMAIL PROTECTED] /usr/local/etc/raddb]# radwho
Login Name What TTY When From Location
yellowhous yellowhousejake shell S1 Mon 11:55 192.168.4 192.168.0.1
Here are the parts of my conf I believe I need to check for simultaneous
use.
## radiusd.conf
radutmp {
filename = ${logdir}/radutmp
username = %{User-Name}
case_sensitive = yes
check_with_nas = no
callerid = "yes"
}
accounting {
radutmp
## sradutmp
sql_acct
}
session {
radutmp
sql_acct
}
## sql.conf
# Uncomment simul_count_query to enable simultaneous use checking
simul_count_query = "SELECT COUNT(*) \
FROM ${acct_table1} \
WHERE UserName='%{SQL-User-Name}' \
AND AcctStopTime = 0"
Note I enabled radutmp after sql was failing to stop the second login. I
am certain I have missed something simple but I am unable to find it.
Any help, cluesmacks, etc are appreciated.
DAve
--
I am watching the debate and I am very disappointed. The rules are
simple, "answer the question". I would vote right now, and I can
in Indiana, for the man who answered the question directly, in
less than a minute, and then sat down before the green light was out.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
