On Fri, Sep 9, 2011 at 8:32 PM, andreapepa <andrea.p...@trentinonetwork.it> wrote: > http://freeradius.1045715.n5.nabble.com/file/n4786389/freeradlogdebug > freeradlogdebug > > that is the log.
Then your NAS (in this case, the simulator) is clearly broken (or perhaps just misconfigured). It says "rad_recv: Accounting-Request packet from host 172.25.18.35 port 64225, id=246, length=153 Acct-Status-Type = Start " even though the access request was clearly rejected earlier with "Sending Access-Reject of id 40 to 172.25.18.35 port 64225 Reply-Message := "\r\nYou are already logged in - access denied\r\n\n" Now this is a slightly different case compared to what Bjørn mentioned. If Acct-Status-Type=Stop then it would've still made sense somehow, and it will not interfere with simultaneous use checking. HOWEVER, if a NAS sends 'Acct-Status-Type = Start' for a previously rejected authentication request, and without ANY 'Acct-Status-Type = Stop', then it doesn't make any sense, and it WILL interfere with simultaneous query check. No session was ever actually started so it shouldn't even send 'Acct-Status-Type = Start'. So you got two different things: (1) NAS sending 'Acct-Status-Type = Start' for a previously rejected authentication request This is clearly wrong. Fix the NAS. The good thing is since you say this nas is just a simulator, it's entirely possible that it's simply misconfigured, and no "real" NAS would do such a thing. (2) Checking which users are actually logged in There are some ways to do this: a) checkrad (as Alan mentioned), which basically uses several methods (SNMP, telnet, etc.) to ask the NAS directly b) analyze entries on radacct table #2.a is accurate, but might not be desirable in some situation #2.b is more generic and easy, but not 100% accurate, requires interim updates to be configured, and it needs packet arrive time to be recorded. I record it in Acct-Stop-Time column, but you can easly add another column (e.g. Packet-Timestamp) for that purpose. -- Fajar - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html