We are having a problem setting up Simultaneous-Use
restriction on our Radiator 3.2/Platypus 3/MS SQL 7 setup. It appears that
we can't get Radiator to stop if it finds the LoginLimit exceeding the
DefaultSimultaneousUse value. Am I just completely missing something or am
I completely missing something? :)
Config file and trace file are listed below.
The user is in the session database on the SQL server when we try and attempt a
second login.
Config file
=======================================
# SessionDatabase method to dump all session information to SQL database
<SessionDatabase SQL>
Identifier LogSession
DBSource dbi:ODBC:Radius
DBUsername username
DBAuth password
AddQuery insert into RADONLINE (USERNAME,NASIDENTIFIER,NASPORT,ACCTSESSIONID,TIME_STAMP,FRAMEDIPADDRESS,NASPORTTYPE,SERVICETYPE,CALLEDSTATIONID,CALLINGSTATIONID) values ('%{User-Name}','%{NAS-IP-Address}',%{NAS-Port},'%{Acct-Session-Id}',%{Timestamp},'%{Framed-IP-Address}','%{NAS-Port-Type}','%{Service-Type}','%{Called-Station-Id}','%{Calling-Station-Id}')
CountQuery select NASIDENTIFIER,NASPORT,ACCTSESSIONID,FRAMEDIPADDRESS from RADONLINE Where USERNAME='%{User-Name}'
</SessionDatabase>
# AuthBy method to check Platypus and also dump accounting information
<AuthBy EMERALD>
# Set all users to default to 1 simultaneous login
DefaultSimultaneousUse 1
Identifier CheckEMERALD
DBSource dbi:ODBC:platypus
DBUsername username
DBAuth password
AccountingTable Calls
AcctColumnDef UserName,User-Name
AcctColumnDef CallDate,Timestamp,integer-date
AcctColumnDef AcctStatusType,Acct-Status-Type,integer
AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
AcctColumnDef AcctSessionId,Acct-Session-Id
AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
AcctColumnDef NASIdentifier,NAS-IP-Address
AcctColumnDef NASPort,NAS-Port,integer
AcctColumnDef data_in,Acct-Input-Octets,integer
AcctColumnDef data_out,Acct-Output-Octets,integer
AcctColumnDef ipaddress,Framed-IP-Address
AcctColumnDef ConnectInfo,Connect-Info
AcctColumnDef CalledStationId,Called-Station-Id
AcctColumnDef CallingStationId,Calling-Station-Id
AuthSelect ,sa.LoginLimit
AuthColumnDef 0,Simultaneous-Use,check
</AuthBy>
<Handler>
AuthByPolicy ContinueUntilAccept
SessionDatabase NoLogSession
RejectHasReason
# Check to see if username authenticates
AuthBy CheckEMERALD
</Handler>
TRACE 4 DUMP
=======================================
Mon Jan 20 20:15:12 2003: DEBUG: Packet dump:
*** Received from 209.68.228.179 port 1026 ....
Code: Access-Request
Identifier: 171
Authentic: **********
Attributes:
User-Name = "jeyerman"
User-Password = "*******"
NAS-IP-Address = 209.68.228.179
NAS-Port = 4
NAS-Port-Type = Async
Connect-Info = "45333 LAPM/V42BIS"
Calling-Station-Id = "909303xxxx"
Mon Jan 20 20:15:12 2003: DEBUG: Entering PreAuthHook-clearrealm
Mon Jan 20 20:15:12 2003: WARNING: Passed back request username (jeyerman).
Mon Jan 20 20:15:12 2003: DEBUG: Exiting PreAuthHook-clearrealm
Mon Jan 20 20:15:12 2003: DEBUG: Handling request with Handler ''
Mon Jan 20 20:15:12 2003: DEBUG: Handling with Radius::AuthEMERALD
Mon Jan 20 20:15:12 2003: DEBUG: Handling with Radius::AuthEMERALD: CheckEMERALD
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select DateAdd(Day, ma.extension+ma.overdue, maExpireDate),
DateAdd(Day, sa.extension, saExpireDate), sa.AccountID, sa.AccountType,
sa.password, sa.login, sa.shell, sa.TimeLeft ,sa.LoginLimit
from masteraccounts ma, subaccounts sa
where (sa.login = 'jeyerman' or sa.shell = 'jeyerman')
and ma.customerid = sa.customerid
and sa.active <> 0 and ma.active <> 0
Mon Jan 20 20:15:12 2003: DEBUG: Select results: 2004-01-20 20:15:12.713,
2004-01-20 20:15:12.713, 1565, PPP, xxx, jeyerman, , , 1
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select ra.RadAttributeID, ra.RadVendorID,
ra.RadVendorType,
Data, Value, Type, RadCheck
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID
and ra.RadVendorID = rc.RadVendorID
and ra.RadVendorType = rc.RadVendorType
and rc.AccountID=1565
Mon Jan 20 20:15:12 2003: DEBUG: Query is: select ra.RadAttributeID,
ra.RadVendorID,
ra.RadVendorType,
Data, Value, Type, RadCheck
from RadATConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID
and ra.RadVendorID = rc.RadVendorID
and ra.RadVendorType = rc.RadVendorType
and rc.AccountType='PPP'
Mon Jan 20 20:15:12 2003: DEBUG: Radius::AuthEMERALD looks for match with jeyerman
Mon Jan 20 20:15:12 2003: DEBUG: Expiration date converted to: 1074585600
Mon Jan 20 20:15:12 2003: DEBUG: Expiration date converted to: 1074585600
Mon Jan 20 20:15:12 2003: DEBUG: Radius::AuthEMERALD ACCEPT:
Mon Jan 20 20:15:12 2003: DEBUG: Access accepted for jeyerman
Mon Jan 20 20:15:12 2003: DEBUG: Packet dump:
*** Sending to 209.68.228.179 port 1026 ....
Code: Access-Accept
Identifier: 171
Authentic: xxxxx
Attributes:
Framed-IP-Address = 255.255.255.254
Service-Type = 2
Framed-Protocol = 1
Idle-Timeout = 1200
=======================================
Thanks!